admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-28 00:00:41 +00:00
parent 1b93067716
commit 1f1b91a078
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 372 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/40xxx/CVE-2021-40393.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
},
{
"refsource": "DEBIAN",
"name": "DSA-5306",
"url": "https://www.debian.org/security/2022/dsa-5306"
}
]
},

5
2021/40xxx/CVE-2021-40394.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
},
{
"refsource": "DEBIAN",
"name": "DSA-5306",
"url": "https://www.debian.org/security/2022/dsa-5306"
}
]
},

5
2021/40xxx/CVE-2021-40401.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-4a3ef86baa",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5306",
"url": "https://www.debian.org/security/2022/dsa-5306"
}
]
},

5
2021/40xxx/CVE-2021-40403.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-e819bd191f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5306",
"url": "https://www.debian.org/security/2022/dsa-5306"
}
]
},

90
2022/23xxx/CVE-2022-23544.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "metersphere",
"product": {
"product_data": [
{
"product_name": "metersphere",
"version": {
"version_data": [
{
"version_value": "< 2.5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj",
"refsource": "MISC",
"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj"
},
{
"url": "https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121",
"refsource": "MISC",
"name": "https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121"
}
]
},
"source": {
"advisory": "GHSA-vrv6-cg45-rmjj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

99
2022/41xxx/CVE-2022-41966.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "x-stream",
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "< 1.4.20",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"refsource": "MISC",
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
},
{
"url": "https://x-stream.github.io/CVE-2022-41966.html",
"refsource": "MISC",
"name": "https://x-stream.github.io/CVE-2022-41966.html"
}
]
},
"source": {
"advisory": "GHSA-j563-grx4-pjpv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

81
2022/41xxx/CVE-2022-41967.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HyperaDev",
"product": {
"product_data": [
{
"product_name": "Dragonfly",
"version": {
"version_data": [
{
"version_value": ">= 0.3.0-SNAPSHOT, < 0.3.1-SNAPSHOT",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv",
"refsource": "MISC",
"name": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv"
},
{
"url": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3",
"refsource": "MISC",
"name": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3"
}
]
},
"source": {
"advisory": "GHSA-6x3m-96qp-mmxv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
]
}

94
2022/4xxx/CVE-2022-4773.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4773",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **In cloudsync wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es die Funktion getItem der Datei src/main/java/cloudsync/connector/LocalFilesystemConnector.java. Durch Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Patch wird als 3ad796833398af257c28e0ebeade68518e0e612a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Path Traversal",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "cloudsync",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216919",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216919"
},
{
"url": "https://vuldb.com/?ctiid.216919",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216919"
},
{
"url": "https://github.com/HolgerHees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a",
"refsource": "MISC",
"name": "https://github.com/HolgerHees/cloudsync/commit/3ad796833398af257c28e0ebeade68518e0e612a"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.5,
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}