admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-23 16:00:48 +00:00
parent 535d43b9d2
commit 2c30485ad6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
56 changed files with 3370 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/35xxx/CVE-2020-35509.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "11.0.3, 12.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2020-35509",
"url": "https://access.redhat.com/security/cve/cve-2020-35509"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

70
2021/20xxx/CVE-2021-20298.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenEXR",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenEXR 3.0.0-beta"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913"
},
{
"refsource": "MISC",
"name": "https://github.com/AcademySoftwareFoundation/openexr/pull/843",
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/843"
},
{
"refsource": "MISC",
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97",
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939156"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20298",
"url": "https://access.redhat.com/security/cve/CVE-2021-20298"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability."
}
]
}

70
2021/20xxx/CVE-2021-20304.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenEXR",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenEXR 3.0.0-beta"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 - Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229"
},
{
"refsource": "MISC",
"name": "https://github.com/AcademySoftwareFoundation/openexr/pull/849",
"url": "https://github.com/AcademySoftwareFoundation/openexr/pull/849"
},
{
"refsource": "MISC",
"name": "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e",
"url": "https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939157"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20304",
"url": "https://access.redhat.com/security/cve/CVE-2021-20304"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability."
}
]
}

70
2021/20xxx/CVE-2021-20316.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "Affects samba file server before v4.15.0, Fixed in samba v4.15.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=14842",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14842"
},
{
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2021-20316.html",
"url": "https://www.samba.org/samba/security/CVE-2021-20316.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2009673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009673"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20316",
"url": "https://access.redhat.com/security/cve/CVE-2021-20316"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-20316",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-20316"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share."
}
]
}

4
2021/23xxx/CVE-2021-23156.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-23156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2021/23xxx/CVE-2021-23161.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-23161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

65
2021/23xxx/CVE-2021-23177.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libarchive",
"version": {
"version_data": [
{
"version_value": "Fixed in libarchive 3.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 - Improper Link Resolution Before File Access ('Link Following')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/issues/1565",
"url": "https://github.com/libarchive/libarchive/issues/1565"
},
{
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad",
"url": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024245"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-23177",
"url": "https://access.redhat.com/security/cve/CVE-2021-23177"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges."
}
]
}

65
2021/31xxx/CVE-2021-31566.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31566",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libarchive",
"version": {
"version_data": [
{
"version_value": "Fixed in libarchive 3.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 - Improper Link Resolution Before File Access ('Link Following')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/issues/1566",
"url": "https://github.com/libarchive/libarchive/issues/1566"
},
{
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043",
"url": "https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024237"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-31566",
"url": "https://access.redhat.com/security/cve/CVE-2021-31566"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system."
}
]
}

90
2021/3xxx/CVE-2021-3670.json
View File

@ -4,14 +4,98 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "Affects Samba 4.1 and newer."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533"
},
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=14694",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14694"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f",
"url": "https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81",
"url": "https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803",
"url": "https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049",
"url": "https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002",
"url": "https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b",
"url": "https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393",
"url": "https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MaxQueryDuration not honoured in Samba AD DC LDAP"
}
]
}

65
2021/3xxx/CVE-2021-3690.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "Fixed in 2.2.10.Final, 2.0.40.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/UNDERTOW-1935",
"url": "https://issues.redhat.com/browse/UNDERTOW-1935"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3690",
"url": "https://access.redhat.com/security/cve/CVE-2021-3690"
},
{
"refsource": "MISC",
"name": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877",
"url": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability."
}
]
}

65
2021/3xxx/CVE-2021-3701.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ansible-runner",
"version": {
"version_data": [
{
"version_value": "Affects ansible-runner 2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 - Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1977959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977959"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3701",
"url": "https://access.redhat.com/security/cve/CVE-2021-3701"
},
{
"refsource": "MISC",
"name": "https://github.com/ansible/ansible-runner/issues/738",
"url": "https://github.com/ansible/ansible-runner/issues/738"
},
{
"refsource": "MISC",
"name": "https://github.com/ansible/ansible-runner/pull/742/commits",
"url": "https://github.com/ansible/ansible-runner/pull/742/commits"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity."
}
]
}

60
2021/3xxx/CVE-2021-3702.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ansible-runner",
"version": {
"version_data": [
{
"version_value": "Affects ansible-runner 2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ansible/ansible-runner/pull/742/commits",
"url": "https://github.com/ansible/ansible-runner/pull/742/commits"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1977965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977965"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3702",
"url": "https://access.redhat.com/security/cve/CVE-2021-3702"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality."
}
]
}

65
2021/3xxx/CVE-2021-3714.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Not known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://arxiv.org/abs/2111.08553",
"url": "https://arxiv.org/abs/2111.08553"
},
{
"refsource": "MISC",
"name": "https://arxiv.org/pdf/2111.08553.pdf",
"url": "https://arxiv.org/pdf/2111.08553.pdf"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1931327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931327"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3714",
"url": "https://access.redhat.com/security/cve/CVE-2021-3714"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged."
}
]
}

4
2021/3xxx/CVE-2021-3724.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

60
2021/3xxx/CVE-2021-3736.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in v5.15-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1995570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995570"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3736",
"url": "https://access.redhat.com/security/cve/CVE-2021-3736"
},
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f",
"url": "https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information."
}
]
}

60
2021/3xxx/CVE-2021-3759.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in Linux kernel 5.15-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3759",
"url": "https://access.redhat.com/security/cve/CVE-2021-3759"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/",
"url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory overflow vulnerability was found in the Linux kernel\u2019s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability."
}
]
}

60
2021/3xxx/CVE-2021-3763.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AMQ Broker",
"version": {
"version_data": [
{
"version_value": "Fixed in amq-7.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 - Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"
},
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/ENTMQBR-5372",
"url": "https://issues.redhat.com/browse/ENTMQBR-5372"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3763",
"url": "https://access.redhat.com/security/cve/CVE-2021-3763"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity."
}
]
}

65
2021/3xxx/CVE-2021-3764.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in v5.15-rc4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680",
"url": "https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3764",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3764"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3764",
"url": "https://access.redhat.com/security/cve/CVE-2021-3764"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability."
}
]
}

4
2021/3xxx/CVE-2021-3771.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

65
2021/3xxx/CVE-2021-3798.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opencryptoki",
"version": {
"version_data": [
{
"version_value": "Fixed in v3.17.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990591"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3798",
"url": "https://access.redhat.com/security/cve/CVE-2021-3798"
},
{
"refsource": "MISC",
"name": "https://github.com/opencryptoki/opencryptoki/pull/402",
"url": "https://github.com/opencryptoki/opencryptoki/pull/402"
},
{
"refsource": "MISC",
"name": "https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0",
"url": "https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack."
}
]
}

65
2021/3xxx/CVE-2021-3800.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Glib",
"version": {
"version_data": [
{
"version_value": "Fixed in glib2 2.63.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3800",
"url": "https://access.redhat.com/security/cve/CVE-2021-3800"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2017/06/23/8",
"url": "https://www.openwall.com/lists/oss-security/2017/06/23/8"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995",
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition."
}
]
}

65
2021/3xxx/CVE-2021-3827.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Fixed in v18.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 - Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d",
"url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3827",
"url": "https://access.redhat.com/security/cve/CVE-2021-3827"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity."
}
]
}

60
2021/3xxx/CVE-2021-3839.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "Fixed in dpdk v22.03"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3839",
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"refsource": "MISC",
"name": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5",
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
]
}

4
2021/3xxx/CVE-2021-3894.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

70
2021/3xxx/CVE-2021-3905.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openvswitch (ovs)",
"version": {
"version_data": [
{
"version_value": "Fixed in v2.17.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 - Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3905",
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2021-3905",
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"refsource": "MISC",
"name": "https://github.com/openvswitch/ovs-issues/issues/226",
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"refsource": "MISC",
"name": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349",
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."
}
]
}

92
2022/28xxx/CVE-2022-28882.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories",
"name": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

92
2022/28xxx/CVE-2022-28883.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories",
"name": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/29xxx/CVE-2022-29476.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-12T00:12:00.000Z",
"ID": "CVE-2022-29476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notification Bar for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.1.8",
"version_value": "1.1.8"
}
]
}
}
]
},
"vendor_name": "8 Degree Themes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/8-degree-notification-bar/wordpress-notification-bar-for-wordpress-plugin-1-1-8-unauthenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/8-degree-notification-bar/wordpress-notification-bar-for-wordpress-plugin-1-1-8-unauthenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/8-degree-notification-bar/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/8-degree-notification-bar/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

166
2022/2xxx/CVE-2022-2965.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2965",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "notrinos/notrinoserp",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.7"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2965",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "notrinos/notrinoserp",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.7"
}
]
}
}
]
},
"vendor_name": "notrinos"
}
}
]
},
"vendor_name": "notrinos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
},
{
"name": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa",
"refsource": "MISC",
"url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
}
]
},
"source": {
"advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
},
{
"name": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa",
"refsource": "MISC",
"url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
}
]
},
"source": {
"advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
"discovery": "EXTERNAL"
}
}

18
2022/2xxx/CVE-2022-2966.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2967.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2968.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2969.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

99
2022/33xxx/CVE-2022-33142.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-22T07:36:00.000Z",
"ID": "CVE-2022-33142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Better Messages plugin <= 1.9.10.57 - Denial Of Service (DoS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Messages (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.10.57",
"version_value": "1.9.10.57"
}
]
}
}
]
},
"vendor_name": "WordPlus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Dhakal Ananda (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial Of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/bp-better-messages/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/bp-better-messages/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-10-57-denial-of-service-dos-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-10-57-denial-of-service-dos-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.9.10.58 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/34xxx/CVE-2022-34648.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-11T22:46:00.000Z",
"ID": "CVE-2022-34648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Uploading SVG, WEBP and ICO files (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "dmitrylitvinov"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/34xxx/CVE-2022-34658.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T22:06:00.000Z",
"ID": "CVE-2022-34658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.2.48",
"version_value": "3.2.48"
}
]
}
}
]
},
"vendor_name": "W3 Eden, Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/download-manager/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.2.49 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/34xxx/CVE-2022-34868.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-29T20:42:00.000Z",
"ID": "CVE-2022-34868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress \u042eKassa \u0434\u043b\u044f WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\u042eKassa \u0434\u043b\u044f WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.3.0",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "YooMoney"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated Arbitrary Settings Update vulnerability in YooMoney \u042eKassa \u0434\u043b\u044f WooCommerce plugin <= 2.3.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-authenticated-arbitrary-settings-update-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-authenticated-arbitrary-settings-update-vulnerability"
},
{
"name": "https://wordpress.org/plugins/yookassa/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/yookassa/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.3.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/35xxx/CVE-2022-35235.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-09T06:56:00.000Z",
"ID": "CVE-2022-35235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPIDE \u2013 File Manager & Code Editor (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.6",
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "XplodedThemes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Brandon Roldan (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/wpide/wordpress-wpide-plugin-2-6-authenticated-arbitrary-file-read-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/wpide/wordpress-wpide-plugin-2-6-authenticated-arbitrary-file-read-vulnerability"
},
{
"name": "https://wordpress.org/plugins/wpide/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wpide/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/35xxx/CVE-2022-35242.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-12T00:19:00.000Z",
"ID": "CVE-2022-35242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "THE Leads Management System: 59sec LITE (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.4.1",
"version_value": "3.4.1"
}
]
}
}
]
},
"vendor_name": "59sec"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability"
},
{
"name": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

4
2022/35xxx/CVE-2022-35654.json
View File

@ -71,9 +71,9 @@
"references": {
"reference_data": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0",
"url": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix",
"refsource": "MISC",
"name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0"
"name": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix"
}
]
},

4
2022/35xxx/CVE-2022-35655.json
View File

@ -71,9 +71,9 @@
"references": {
"reference_data": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0",
"url": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix",
"refsource": "MISC",
"name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0"
"name": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix"
}
]
},

4
2022/35xxx/CVE-2022-35656.json
View File

@ -71,9 +71,9 @@
"references": {
"reference_data": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0",
"url": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix",
"refsource": "MISC",
"name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0"
"name": "https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix"
}
]
},

99
2022/35xxx/CVE-2022-35726.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-22T00:01:00.000Z",
"ID": "CVE-2022-35726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Gallery (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.3.4.5",
"version_value": "1.3.4.5"
}
]
}
}
]
},
"vendor_name": "yotuwp"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication"
},
{
"name": "https://wordpress.org/plugins/yotuwp-easy-youtube-embed/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/yotuwp-easy-youtube-embed/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.3.5 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36282.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-22T07:26:00.000Z",
"ID": "CVE-2022-36282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Search Exclude plugin <= 1.2.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Search Exclude (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.6",
"version_value": "1.2.6"
}
]
}
}
]
},
"vendor_name": "Roman Pronskiy"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/search-exclude/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/search-exclude/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.2.7 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36285.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-11T23:36:00.000Z",
"ID": "CVE-2022-36285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Uploading SVG, WEBP and ICO files (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "dmitrylitvinov"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-arbitrary-file-upload-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-arbitrary-file-upload-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36288.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T22:34:00.000Z",
"ID": "CVE-2022-36288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.2.48",
"version_value": "3.2.48"
}
]
}
}
]
},
"vendor_name": "W3 Eden, Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/download-manager/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-multiple-cross-site-request-forgery-csrf-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-multiple-cross-site-request-forgery-csrf-vulnerabilities"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.2.49 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36292.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-10T20:27:00.000Z",
"ID": "CVE-2022-36292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gallery PhotoBlocks (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.6",
"version_value": "1.2.6"
}
]
}
}
]
},
"vendor_name": "WPChill"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/photoblocks-grid-gallery/wordpress-gallery-photoblocks-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/photoblocks-grid-gallery/wordpress-gallery-photoblocks-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerabilities"
},
{
"name": "https://wordpress.org/plugins/photoblocks-grid-gallery/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/photoblocks-grid-gallery/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36341.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-10T19:02:00.000Z",
"ID": "CVE-2022-36341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress AS \u2013 Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AS \u2013 Create Pinterest Pinboard Pages (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Akash soni"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS \u2013 Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/as-create-pinterest-pinboard-pages/wordpress-as-create-pinterest-pinboard-pages-plugin-1-0-authenticated-plugin-settings-change-leading-to-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/as-create-pinterest-pinboard-pages/wordpress-as-create-pinterest-pinboard-pages-plugin-1-0-authenticated-plugin-settings-change-leading-to-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/as-create-pinterest-pinboard-pages/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/as-create-pinterest-pinboard-pages/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36347.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-12T06:43:00.000Z",
"ID": "CVE-2022-36347",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Alpine PhotoTile for Pinterest plugin <= 1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alpine PhotoTile for Pinterest (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.3.1",
"version_value": "1.3.1"
}
]
}
}
]
},
"vendor_name": "Alpine Press"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/alpine-photo-tile-for-pinterest/wordpress-alpine-phototile-for-pinterest-plugin-1-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/alpine-photo-tile-for-pinterest/wordpress-alpine-phototile-for-pinterest-plugin-1-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/alpine-photo-tile-for-pinterest/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/alpine-photo-tile-for-pinterest/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36379.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-28T21:14:00.000Z",
"ID": "CVE-2022-36379",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress \u042eKassa \u0434\u043b\u044f WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\u042eKassa \u0434\u043b\u044f WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.3.0",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "YooMoney"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney \u042eKassa \u0434\u043b\u044f WooCommerce plugin <= 2.3.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/yookassa/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/yookassa/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-cross-site-request-forgery-csrf-leading-to-plugin-settings-update",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/yookassa/wordpress-yukassa-dlya-woocommerce-plugin-2-3-0-cross-site-request-forgery-csrf-leading-to-plugin-settings-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.3.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36389.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-01-18T08:45:00.000Z",
"ID": "CVE-2022-36389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Messages (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.9.148",
"version_value": "1.9.9.148"
}
]
}
}
]
},
"vendor_name": "WordPlus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/bp-better-messages/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/bp-better-messages/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-9-148-cross-site-request-forgery-csrf-vulnerability-2",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-9-148-cross-site-request-forgery-csrf-vulnerability-2"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.9.9.149 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36394.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-09T07:17:00.000Z",
"ID": "CVE-2022-36394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contest Gallery (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 17.0.4",
"version_value": "17.0.4"
}
]
}
}
]
},
"vendor_name": "Contest Gallery"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-17-0-4-authenticated-sql-injection-sqli-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-17-0-4-authenticated-sql-injection-sqli-vulnerability"
},
{
"name": "https://wordpress.org/plugins/contest-gallery/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/contest-gallery/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 17.0.5 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/36xxx/CVE-2022-36405.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-09T07:05:00.000Z",
"ID": "CVE-2022-36405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "amCharts: Charts and Maps (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.4",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "amCharts"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/amcharts-charts-and-maps/wordpress-amcharts-charts-and-maps-plugin-1-4-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/amcharts-charts-and-maps/wordpress-amcharts-charts-and-maps-plugin-1-4-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/amcharts-charts-and-maps/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/amcharts-charts-and-maps/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.4.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

56
2022/37xxx/CVE-2022-37111.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BlueCMS 1.6 has SQL injection in line 132 of admin/article.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/seizer-zyx/Vulnerability/issues/1",
"refsource": "MISC",
"name": "https://github.com/seizer-zyx/Vulnerability/issues/1"
}
]
}

56
2022/37xxx/CVE-2022-37112.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BlueCMS 1.6 has SQL injection in line 55 of admin/model.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/seizer-zyx/Vulnerability/issues/2",
"refsource": "MISC",
"name": "https://github.com/seizer-zyx/Vulnerability/issues/2"
}
]
}

56
2022/37xxx/CVE-2022-37113.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bluecms 1.6 has SQL injection in line 132 of admin/area.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/seizer-zyx/Vulnerability/issues/3",
"refsource": "MISC",
"name": "https://github.com/seizer-zyx/Vulnerability/issues/3"
}
]
}