admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-01 20:00:51 +00:00
parent 0ac41180e6
commit 30c2c8a79d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 198 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2022/2xxx/CVE-2022-2602.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2022/31xxx/CVE-2022-31177.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.\n"
"value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},

2
2022/31xxx/CVE-2022-31178.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.\n"
"value": "eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},

10
2022/31xxx/CVE-2022-31179.json
View File

@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8",
"refsource": "MISC",
"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
},
{
"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w",
"refsource": "CONFIRM",
@ -78,11 +83,6 @@
"name": "https://github.com/ericcornelissen/shescape/pull/332",
"refsource": "MISC",
"url": "https://github.com/ericcornelissen/shescape/pull/332"
},
{
"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8",
"refsource": "MISC",
"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
}
]
},

2
2022/31xxx/CVE-2022-31181.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.\n"
"value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature."
}
]
},

12
2022/31xxx/CVE-2022-31186.json
View File

@ -72,6 +72,11 @@
},
"references": {
"reference_data": [
{
"name": "https://next-auth.js.org/getting-started/upgrade-v4",
"refsource": "MISC",
"url": "https://next-auth.js.org/getting-started/upgrade-v4"
},
{
"name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p",
"refsource": "CONFIRM",
@ -82,11 +87,6 @@
"refsource": "MISC",
"url": "https://next-auth.js.org/configuration/options#logger"
},
{
"name": "https://next-auth.js.org/getting-started/upgrade-v4",
"refsource": "MISC",
"url": "https://next-auth.js.org/getting-started/upgrade-v4"
},
{
"name": "https://next-auth.js.org/warnings#debug_enabled",
"refsource": "MISC",
@ -98,4 +98,4 @@
"advisory": "GHSA-p6mm-27gq-9v3p",
"discovery": "UNKNOWN"
}
}
}

2
2022/31xxx/CVE-2022-31188.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.\n"
"value": "CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},

61
2022/31xxx/CVE-2022-31321.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-31321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://bolt.com",
"refsource": "MISC",
"name": "http://bolt.com"
},
{
"refsource": "MISC",
"name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
"url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
}
]
}

61
2022/34xxx/CVE-2022-34530.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
"url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
},
{
"url": "http://backdrop.com",
"refsource": "MISC",
"name": "http://backdrop.com"
}
]
}

61
2022/35xxx/CVE-2022-35118.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
"url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
},
{
"url": "http://pyrocms.com",
"refsource": "MISC",
"name": "http://pyrocms.com"
}
]
}