"-Synchronized-Data."

CVE Team 2022-03-28 18:01:29 +00:00
parent c3a7f06e16
commit 313dbcb702
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 285 additions and 226 deletions


@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24962",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
"CVE_data_meta": {
"ID": "CVE-2021-24962",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
},
{
"product_name": "WordPress File Upload Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
}
]
}
},
{
"product_name": "WordPress File Upload Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623",
"name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722",
"name": "https://plugins.trac.wordpress.org/changeset/2677722"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722",
"name": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623",
"name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25071",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Akismet Privacy Policies",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.1",
"version_value": "2.0.1"
"CVE_data_meta": {
"ID": "CVE-2021-25071",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Akismet Privacy Policies",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.1",
"version_value": "2.0.1"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e",
"name": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e",
"name": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}


@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20220325 [SYSS-2021-058] Razer Synapse - Local Privilege Escalation",
"url": "http://seclists.org/fulldisclosure/2022/Mar/51"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html",
"url": "http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html"
}
]
}
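Review bot: The reference appended to `reference_data` uses a plain `http://` URL for packetstormsecurity.com in both `name` and `url`, so anyone following the link from the CVE record retrieves the write-up over a channel with no integrity protection. If the host serves the same path over TLS, the entry should read `"url": "https://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html"`, with `name` updated to match. The FULLDISC entry shown as context above it uses the same scheme, and the array itself opens outside this hunk.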


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0679",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Narnoo Distributor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.1",
"version_value": "2.5.1"
"CVE_data_meta": {
"ID": "CVE-2022-0679",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Narnoo Distributor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.1",
"version_value": "2.5.1"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8",
"name": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8",
"name": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://docs.docker.com/desktop/windows/release-notes/",
"url": "https://docs.docker.com/desktop/windows/release-notes/"
},
{
"refsource": "MISC",
"name": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md",
"url": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md"
}
]
}
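Review bot: The new reference points at `blob/master` in the hmsec/Advisories repository, which is a moving target: the advisory text behind the link can be rewritten or removed after the record is published, and a reader cannot tell which revision this entry was synchronized against. A commit-pinned permalink of the form `https://github.com/hmsec/Advisories/blob/<commit-sha>/CVE-2022-26659.md` (placeholder, the SHA is not on this page) would keep the cited evidence stable. The `reference_data` array starts outside this hunk.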


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2",
"refsource": "MISC",
"name": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca",
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
}
]
}
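Review bot: The record moves to `PUBLIC` with `product_name`, `vendor_name`, `version_value` and the `problemtype` value all left as `n/a`, although the new description already names the product, a version and the weakness class. Tooling that matches on the `affects` block or on a CWE identifier rather than on free text will not associate this entry with Teampass. Populating the fields, for example `"product_name": "Teampass"`, `"version_value": "2.1.26"` and `"value": "CWE-79 Cross-site Scripting (XSS)"` (the wording used by another XSS record in this commit), would close that gap; whether other versions are affected is not stated here and should be confirmed. The first reference is a branch commit listing (`commits/teampass_2`) rather than a specific commit, so it does not identify the fix.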