"-Synchronized-Data."

CVE Team 2022-11-04 01:00:34 +00:00
parent 995b5c55a6
commit 1fdd49ab27
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
27 changed files with 1135 additions and 1116 deletions


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-21T19:01:00.000Z",
"ID": "CVE-2021-36906",
"STATE": "PUBLIC",
"TITLE": "WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 7.3.6",
"version_value": "7.3.6"
}
]
}
}
]
},
"vendor_name": "ExpressTech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-36906",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,27 +27,78 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExpressTech",
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 7.3.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/quiz-master-next/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/quiz-master-next/#developers"
"url": "https://wordpress.org/plugins/quiz-master-next/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/quiz-master-next/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-6-multiple-insecure-direct-object-references-idor-vulnerabilities?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-6-multiple-insecure-direct-object-references-idor-vulnerabilities?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-6-multiple-insecure-direct-object-references-idor-vulnerabilities?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-6-multiple-insecure-direct-object-references-idor-vulnerabilities?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 7.3.7 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
}
]
}
}
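Review bot: In the `affects` block of what appears to be the new side (the page has lost its +/- markers), the range operator is folded into the value: `"version_value": "<= 7.3.6"` sits next to `"version_affected": "="`, where the earlier record carried `"version_affected": "<="` and `"version_value": "7.3.6"`. A scanner that honours `version_affected` would treat `<= 7.3.6` as one literal version string and match no installed release, so affected sites would go unreported. Keep the operator in its own field: `"version_affected": "<="`, `"version_value": "7.3.6"`. The same `=` paired with a `<=`-prefixed value shows in the CVE-2022-25952, CVE-2022-36404, CVE-2022-36428 and CVE-2022-40131 sections.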


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39077",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Security Guardium",
"version": {
"version_data": [
{
"version_value": "\"10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Security Guardium",
"version": {
"version_data": [
{
"version_value": "\"10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6831647",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6831647",
"url": "https://www.ibm.com/support/pages/node/6831647"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.\""
"name": "https://www.ibm.com/support/pages/node/6831647"
}
]
}
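Review bot: The added `"version_affected": "="` asserts an exact match, but the `version_value` beside it is one string holding a quoted, comma-separated list (`"\"10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4\""`), so no installed version can ever equal it. Exact-match consumers will miss every affected Guardium release. One `version_data` entry per version, for example `{"version_value": "10.5", "version_affected": "="}`, without the embedded `\"` characters, would make the record matchable. The description `value` carries the same stray escaped quotes. The CVE-2022-34339, CVE-2022-35279, CVE-2022-38710, CVE-2022-38712 and CVE-2022-40230 sections have the same list-in-a-string value.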


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22425",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6829953",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6829953",
"url": "https://www.ibm.com/support/pages/node/6829953"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598.\""
"name": "https://www.ibm.com/support/pages/node/6829953"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22442",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6829325",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6829325",
"url": "https://www.ibm.com/support/pages/node/6829325"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427.\""
"name": "https://www.ibm.com/support/pages/node/6829325"
}
]
}


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-31T20:37:00.000Z",
"ID": "CVE-2022-25952",
"STATE": "PUBLIC",
"TITLE": "WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Egg (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 5.4.0",
"version_value": "<= 5.4.0"
}
]
}
}
]
},
"vendor_name": "Keywordrush"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25952",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Keywordrush",
"product": {
"product_data": [
{
"product_name": "Content Egg (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 5.4.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/content-egg/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/content-egg/#developers"
"url": "https://wordpress.org/plugins/content-egg/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/content-egg/#developers"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 5.5.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}
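Review bot: `impact.cvss` changes from an object to a one-element array and `credit` becomes `credits`, while `data_version` stays `"4.0"`, so a consumer has no version signal to tell the two shapes apart. Code that reads `impact.cvss.baseScore` finds nothing in the array form and could silently drop the 4.3 score from prioritisation; keeping `"cvss": { "version": "3.1", … }` as an object for 4.0 records avoids that. The references also move from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the marker that triage tooling may use to tell a confirmed advisory from a general link. The same reshaping appears in the CVE-2021-36906, CVE-2022-36404, CVE-2022-36428 and CVE-2022-40131 sections. Which side is new is inferred from print order and the hunk counts, since the +/- markers are lost on this page.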


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34339",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Cognos Analytics ",
"version": {
"version_data": [
{
"version_value": "\"11.2.1, 11.2.0, 11.1.7\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Cognos Analytics ",
"version": {
"version_data": [
{
"version_value": "\"11.2.1, 11.2.0, 11.1.7\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6828527",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6828527",
"url": "https://www.ibm.com/support/pages/node/6828527"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963.\""
"name": "https://www.ibm.com/support/pages/node/6828527"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35279",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Business Automation Workflow",
"version": {
"version_data": [
{
"version_value": "\"18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Business Automation Workflow",
"version": {
"version_data": [
{
"version_value": "\"18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6829847",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6829847",
"url": "https://www.ibm.com/support/pages/node/6829847"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""
"name": "https://www.ibm.com/support/pages/node/6829847"
}
]
}


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-20T17:55:00.000Z",
"ID": "CVE-2022-36404",
"STATE": "PUBLIC",
"TITLE": "WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple SEO (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.8.12",
"version_value": "<= 1.8.12"
}
]
}
}
]
},
"vendor_name": "David Cole"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-36404",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
"value": "CWE-264 Permissions, Privileges, and Access Controls",
"cweId": "CWE-264"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David Cole",
"product": {
"product_data": [
{
"product_name": "Simple SEO (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 1.8.12",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/cds-simple-seo/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/cds-simple-seo/#developers"
"url": "https://wordpress.org/plugins/cds-simple-seo/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cds-simple-seo/#developers"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 1.8.13 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}
}


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-13T17:19:00.000Z",
"ID": "CVE-2022-36428",
"STATE": "PUBLIC",
"TITLE": "WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rock Convert (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.11.0",
"version_value": "2.11.0"
}
]
}
}
]
},
"vendor_name": "Stage"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-36428",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Cross-site Scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Stage",
"product": {
"product_data": [
{
"product_name": "Rock Convert (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 2.11.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/rock-convert/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/rock-convert/"
"url": "https://wordpress.org/plugins/rock-convert/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/rock-convert/"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 3.0.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
]
}
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37680",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,6 +27,30 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37681",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,6 +27,30 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38168",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification."
"value": "** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification."
}
]
},
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae",
"url": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae",
"refsource": "MISC",
"name": "https://medium.com/@rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae"
"name": "https://medium.com/%40rob_nes/avaya-scopia-pathfinder-broken-access-control-ac792e995bae"
}
]
}
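Review bot: The description on what appears to be the new side misspells the status tag and drops the space after it: `** UNSUPPPORTED WHEN ASSIGNED **Broken Access Control …`. Feeds and scanners that flag end-of-life products by the literal `** UNSUPPORTED WHEN ASSIGNED **` prefix will not recognise this record. Restore the earlier text, `"value": "** UNSUPPORTED WHEN ASSIGNED ** Broken Access Control in User Authentication …"`. The reference `url` and `name` also change `@` to `%40`; that should resolve to the same page, but it breaks string-equality de-duplication against the earlier URL.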


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38710",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "\"21.0.1 and 21.0.2\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "\"21.0.1 and 21.0.2\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6831681",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6831681",
"url": "https://www.ibm.com/support/pages/node/6831681"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\""
"name": "https://www.ibm.com/support/pages/node/6831681"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38712",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "\"7.0, 8.0, 8.5, and 9.0\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "\"7.0, 8.0, 8.5, and 9.0\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6829907",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6829907",
"url": "https://www.ibm.com/support/pages/node/6829907"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762.\""
"name": "https://www.ibm.com/support/pages/node/6829907"
}
]
}


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-13T17:23:00.000Z",
"ID": "CVE-2022-40131",
"STATE": "PUBLIC",
"TITLE": "WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Page View Count (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.5.5",
"version_value": "2.5.5"
}
]
}
}
]
},
"vendor_name": "a3rev Software"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-40131",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "a3rev Software",
"product": {
"product_data": [
{
"product_name": "Page View Count (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 2.5.5",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/page-views-count/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/page-views-count/#developers"
"url": "https://wordpress.org/plugins/page-views-count/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/page-views-count/#developers"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 2.5.6 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40230",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM MQ Appliance ",
"version": {
"version_data": [
{
"version_value": "\"9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM MQ Appliance ",
"version": {
"version_data": [
{
"version_value": "\"9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6622051",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6622051",
"url": "https://www.ibm.com/support/pages/node/6622051"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.\""
"name": "https://www.ibm.com/support/pages/node/6622051"
}
]
}
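Review bot: The `version_value` in the re-added `affects` block is still one prose string, `"\"9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3\""`, listing four releases inside embedded quote characters, and it now also carries `"version_affected": "="`. Read literally that asserts an exact match on a string no installed version will ever report, so tooling that matches inventory against this field is likely to miss affected IBM MQ Appliance installs. One `version_data` entry per release would make the record matchable, for example `{ "version_value": "9.2 CD", "version_affected": "=" }` and likewise for the other three. The same pattern appears in the CVE-2022-42442 and CVE-2022-43574 sections further down.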


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40747",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6829373",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6829373",
"url": "https://www.ibm.com/support/pages/node/6829373"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584.\""
"name": "https://www.ibm.com/support/pages/node/6829373"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41710",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Markdownify",
"version": {
"version_data": [
{
"version_value": "1.4.1"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Markdownify",
"version": {
"version_data": [
{
"version_value": "1.4.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/amitmerchant1990/electron-markdownify",
"refsource": "MISC",
"name": "https://github.com/amitmerchant1990/electron-markdownify",
"url": "https://github.com/amitmerchant1990/electron-markdownify"
"name": "https://github.com/amitmerchant1990/electron-markdownify"
},
{
"url": "https://fluidattacks.com/advisories/noisestorm/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/noisestorm/",
"url": "https://fluidattacks.com/advisories/noisestorm/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."
"name": "https://fluidattacks.com/advisories/noisestorm/"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41714",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "fastest-json-copy",
"version": {
"version_data": [
{
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "fastest-json-copy",
"version": {
"version_data": [
{
"version_value": "1.0.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fluidattacks.com/advisories/guetta/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/guetta/",
"url": "https://fluidattacks.com/advisories/guetta/"
"name": "https://fluidattacks.com/advisories/guetta/"
},
{
"url": "https://github.com/streamich/fastest-json-copy",
"refsource": "MISC",
"name": "https://github.com/streamich/fastest-json-copy",
"url": "https://github.com/streamich/fastest-json-copy"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited."
"name": "https://github.com/streamich/fastest-json-copy"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42442",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation for Cloud Pak",
"version": {
"version_data": [
{
"version_value": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation for Cloud Pak",
"version": {
"version_data": [
{
"version_value": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6831787",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6831787",
"url": "https://www.ibm.com/support/pages/node/6831787"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.\""
"name": "https://www.ibm.com/support/pages/node/6831787"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42744",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://candidats.net/",
"refsource": "MISC",
"name": "https://candidats.net/",
"url": "https://candidats.net/"
"name": "https://candidats.net/"
},
{
"url": "https://fluidattacks.com/advisories/mohawke/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/mohawke/",
"url": "https://fluidattacks.com/advisories/mohawke/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks."
"name": "https://fluidattacks.com/advisories/mohawke/"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-43062",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md",
"refsource": "MISC",
"name": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md",
"url": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md"
"name": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md"
}
]
}
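Review bot: The `affects` block re-added in the second hunk names no vendor, product or version (`"n/a"` throughout), and the new `"version_affected": "?"` marks the status as unknown, so nothing in the structured part of this record lets a scanner tie it to an installed product. The only product identifier visible in the section is the path of the reference URL (`oretnom23/online-diagnostic-lab-management-system`); the description text falls between the displayed hunks and is not shown. If the assigner can confirm it, populating `"vendor_name"` and `"product_name"` from that advisory would make the record usable for automated matching; until then consumers have to fall back on the free text and references. The CVE-2022-43063 and CVE-2022-43372 sections below carry the same `n/a` / `?` block.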


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-43063",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-2.md",
"refsource": "MISC",
"name": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-2.md",
"url": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-2.md"
"name": "https://github.com/YorkLee53645349/Cve_report/blob/main/vendor/oretnom23/online-diagnostic-lab-management-system/SQLi-2.md"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-43372",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,6 +27,30 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43574",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\""
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.\""
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IBM Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\"",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6831645",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6831645",
"url": "https://www.ibm.com/support/pages/node/6831645"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.\""
"name": "https://www.ibm.com/support/pages/node/6831645"
}
]
}


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-20T17:55:00.000Z",
"ID": "CVE-2022-44627",
"STATE": "PUBLIC",
"TITLE": "WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple SEO (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.8.12",
"version_value": "<= 1.8.12"
}
]
}
}
]
},
"vendor_name": "David Cole"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-44627",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David Cole",
"product": {
"product_data": [
{
"product_name": "Simple SEO (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 1.8.12",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/cds-simple-seo/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/cds-simple-seo/#developers"
"url": "https://wordpress.org/plugins/cds-simple-seo/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cds-simple-seo/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"lang": "en",
"value": "Update to 1.8.13 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}
}
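Review bot: In the rewritten `version_data` entry the range operator has moved out of the machine-readable field: the earlier entry had `"version_affected": "<="`, while the entry in the re-added `affects` block pairs `"version_value": "<= 1.8.12"` with `"version_affected": "="`. Read literally that is an exact match on the string `<= 1.8.12`, so a consumer that honours `version_affected` may stop flagging installs at or below 1.8.12. Which side is old and which is new is inferred from the key order, since the page has lost its `+`/`-` column. Keeping the comparator in its own field, `"version_value": "1.8.12", "version_affected": "<="`, preserves the range. The CVE-2022-44628 section below shows the same change for `<= 0.2.17`.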


@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-11-02T19:49:00.000Z",
"ID": "CVE-2022-44628",
"STATE": "PUBLIC",
"TITLE": "WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "4ECPS Web Forms (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 0.2.17",
"version_value": "0.2.17"
}
]
}
}
]
},
"vendor_name": "JumpDEMAND Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-44628",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,52 +15,85 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Cross-site Scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JumpDEMAND Inc.",
"product": {
"product_data": [
{
"product_name": "4ECPS Web Forms (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "<= 0.2.17",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/4ecps-webforms/wordpress-4ecps-web-forms-plugin-0-2-17-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/4ecps-webforms/wordpress-4ecps-web-forms-plugin-0-2-17-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
"url": "https://patchstack.com/database/vulnerability/4ecps-webforms/wordpress-4ecps-web-forms-plugin-0-2-17-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/4ecps-webforms/wordpress-4ecps-web-forms-plugin-0-2-17-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/4ecps-webforms/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/4ecps-webforms/"
"url": "https://wordpress.org/plugins/4ecps-webforms/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/4ecps-webforms/"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
]
}
}
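Review bot: Both entries in `reference_data` appear to be retagged from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the one field that told a reader the link is the confirming advisory rather than general background. The direction of the change is inferred from the key order, because the `+`/`-` column is missing from the page. The first URL is the advisory published by the record's own assigner (`audit@patchstack.com`), so triage tooling that ranks references by `refsource` would now treat it the same as any third-party link. Keeping `"refsource": "CONFIRM"` on that entry would preserve the signal. The CVE-2022-44627 section above shows the same retagging.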