admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-25 18:01:07 +00:00
parent efaa761117
commit 214fd33cd4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 506 additions and 270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2022/24xxx/CVE-2022-24992.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-24992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://qrcdr.com",
"refsource": "MISC",
"name": "http://qrcdr.com"
},
{
"url": "https://codecanyon.net/item/qrcdr-responsive-qr-code-generator/9226839",
"refsource": "MISC",
"name": "https://codecanyon.net/item/qrcdr-responsive-qr-code-generator/9226839"
},
{
"refsource": "MISC",
"name": "https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100",
"url": "https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100"
}
]
}

97
2022/2xxx/CVE-2022-2032.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-06-14T13:00:00.000Z",
"ID": "CVE-2022-2032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site-Scripting in File Manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v761",
"version_value": "v761"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v762"
}
],
"source": {
"defect": [
"#4875"
],
"discovery": "EXTERNAL"
}
}

92
2022/2xxx/CVE-2022-2059.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-06-14T13:00:00.000Z",
"ID": "CVE-2022-2059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site-Scripting in Agent Manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v761",
"version_value": "v761"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v762"
}
],
"source": {
"defect": [
"#4876"
],
"discovery": "EXTERNAL"
}
}

76
2022/2xxx/CVE-2022-2076.json
View File

@ -4,84 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2076",
"TITLE": "Microsoft O365 session expiration",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "O365",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Session Expiration"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The session cookies introduce a session expiration issue as they might be used by two clients at the same time. The attack can be initiated remotely. Exploit details have been disclosed to the public. The real-world consequences of this vulnerability are still doubted at the moment. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue."
}
]
},
"credit": "Lukas Reiter/Alexander Hagenah",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Missing-Session-Hijacking-Protection-in-Microsoft-O365",
"refsource": "MISC",
"name": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Missing-Session-Hijacking-Protection-in-Microsoft-O365"
},
{
"url": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation",
"refsource": "MISC",
"name": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation"
},
{
"url": "https://www.mandiant.com/resources/russian-targeting-gov-business",
"refsource": "MISC",
"name": "https://www.mandiant.com/resources/russian-targeting-gov-business"
},
{
"url": "https://vuldb.com/?id.192028",
"refsource": "MISC",
"name": "https://vuldb.com/?id.192028"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

99
2022/33xxx/CVE-2022-33969.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-25T11:52:00.000Z",
"ID": "CVE-2022-33969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flipbox (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.6.0",
"version_value": "2.6.1"
}
]
}
}
]
},
"vendor_name": "Biplob Adhikari"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by m0ze (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2648808",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648808"
},
{
"name": "https://patchstack.com/database/vulnerability/image-hover-effects-ultimate-visual-composer/wordpress-flipbox-plugin-2-6-0-authenticated-wordpress-options-change-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/image-hover-effects-ultimate-visual-composer/wordpress-flipbox-plugin-2-6-0-authenticated-wordpress-options-change-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.6.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

172
2022/35xxx/CVE-2022-35287.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6606827",
"title" : "IBM Security Bulletin 6606827 (Security Verify Information Queue)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6606827"
},
{
"name" : "ibm-sv-cve202235287-info-disc (230817)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/230817"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.2"
}
]
},
"product_name" : "Security Verify Information Queue"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6606827",
"title": "IBM Security Bulletin 6606827 (Security Verify Information Queue)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6606827"
},
{
"name": "ibm-sv-cve202235287-info-disc (230817)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230817"
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.2"
}
]
},
"product_name": "Security Verify Information Queue"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-07-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-35287"
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"UI" : "N",
"A" : "N",
"I" : "N",
"C" : "H",
"AV" : "N",
"AC" : "H",
"S" : "C",
"SCORE" : "6.800"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-07-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-35287"
},
"data_version": "4.0",
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"PR": "N",
"UI": "N",
"A": "N",
"I": "N",
"C": "H",
"AV": "N",
"AC": "H",
"S": "C",
"SCORE": "6.800"
}
}
}
}

174
2022/35xxx/CVE-2022-35288.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2022-35288",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-07-22T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"C" : "L",
"I" : "N",
"A" : "N",
"UI" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Information Queue",
"version" : {
"version_data" : [
{
"version_value" : "10.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6606831 (Security Verify Information Queue)",
"name" : "https://www.ibm.com/support/pages/node/6606831",
"url" : "https://www.ibm.com/support/pages/node/6606831",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/230818",
"refsource" : "XF",
"name" : "ibm-sv-cve202235288-info-disc (230818)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.",
"lang" : "eng"
}
]
}
}
]
},
"CVE_data_meta": {
"ID": "CVE-2022-35288",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-22T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"C": "L",
"I": "N",
"A": "N",
"UI": "N",
"PR": "N",
"S": "U",
"SCORE": "5.300",
"AC": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Information Queue",
"version": {
"version_data": [
{
"version_value": "10.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6606831 (Security Verify Information Queue)",
"name": "https://www.ibm.com/support/pages/node/6606831",
"url": "https://www.ibm.com/support/pages/node/6606831",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230818",
"refsource": "XF",
"name": "ibm-sv-cve202235288-info-disc (230818)",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.",
"lang": "eng"
}
]
}
}