"-Synchronized-Data."

CVE Team 2022-01-13 16:01:10 +00:00
parent 2e4d51cd00
commit 317d20fd19
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 131 additions and 33 deletions


@ -52,17 +52,21 @@
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-28",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-28"
},
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873",
"name": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message",
"name": "https://www.tenable.com/security/research/tra-2020-28",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-28"
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
}
]
}
}
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"name": "https://developer.arm.com/support/arm-security-updates"
},
{
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/",
"refsource": "MISC",
"name": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"refsource": "CONFIRM",
"name": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/profile_small_key_id_encoding_vulnerability.html",
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/profile_small_key_id_encoding_vulnerability.html"
}
]
}
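Review bot: The record moves to `"STATE": "PUBLIC"` while `vendor_name`, `product_name`, `version_value` and the `problemtype` value all remain `"n/a"`, even though the new description names Trusted Firmware-M (TF-M) 1.4.0 with Profile Small and an access-control failure. Consumers that match on the structured `affects` block rather than on free text will not associate this entry with TF-M. I would populate the fields from the description, for example `"product_name": "Trusted Firmware-M"` and `"version_value": "1.4.0"`, and set the problem type to the description's own wording, `"value": "Incorrect Access Control"`. The vendor name is not stated in the visible lines, so it should come from the assigner rather than be guessed.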


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.\nMalicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default)."
"value": "In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default)."
}
]
},
@ -87,8 +87,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20350"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20350",
"name": "https://support.zabbix.com/browse/ZBX-20350"
}
]
},
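Review bot: In the second hunk the `refsource` of the ZBX-20350 link changes from `CONFIRM` to `MISC`, which drops the only marker that this URL is the vendor's own acknowledgement of the issue (support.zabbix.com looks like the vendor tracker). Tooling that uses `CONFIRM` to separate vendor-confirmed advisories from third-party write-ups will now treat the record as unconfirmed. Unless the downgrade is intentional, keep `"refsource": "CONFIRM"` and add only the new `"name"` line. The same change is made to the ZBX-20341, ZBX-20388 and ZBX-20384 references in the three file sections that follow.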


@ -23,13 +23,13 @@
},
{
"version_affected": "=",
"version_name": "5.0.0 5.0.18",
"version_value": "5.0.0 5.0.18"
"version_name": "5.0.0 \u2013 5.0.18",
"version_value": "5.0.0 \u2013 5.0.18"
},
{
"version_affected": "=",
"version_name": "5.4.0 5.4.8",
"version_value": "5.4.0 5.4.8"
"version_name": "5.4.0 \u2013 5.4.8",
"version_value": "5.4.0 \u2013 5.4.8"
},
{
"version_affected": "!>=",
@ -102,8 +102,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20341"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20341",
"name": "https://support.zabbix.com/browse/ZBX-20341"
}
]
},
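Review bot: The new `version_name` and `version_value` strings encode a range as free text with an en dash (`"5.0.0 \u2013 5.0.18"`) while `version_affected` stays `"="`, so a consumer doing an exact comparison will never match an installed 5.0.x release against it. A non-ASCII dash is also easy to confuse with a hyphen when the value is parsed or searched. If the schema in use allows it, a bounded entry is more reliable, e.g. `"version_affected": "<=", "version_name": "5.0", "version_value": "5.0.18"`, and likewise for the 5.4.0 to 5.4.8 entry. The same strings are introduced in the first hunk of the next file section (the one with the ZBX-20388 reference).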


@ -18,13 +18,13 @@
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.0 5.0.18",
"version_value": "5.0.0 5.0.18"
"version_name": "5.0.0 \u2013 5.0.18",
"version_value": "5.0.0 \u2013 5.0.18"
},
{
"version_affected": "=",
"version_name": "5.4.0 5.4.8",
"version_value": "5.4.0 5.4.8"
"version_name": "5.4.0 \u2013 5.4.8",
"version_value": "5.4.0 \u2013 5.4.8"
},
{
"version_affected": "!>=",
@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.\nWhen XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."
"value": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."
}
]
},
@ -97,8 +97,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20388"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20388",
"name": "https://support.zabbix.com/browse/ZBX-20388"
}
]
},


@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.\nMalicious actor can pass step checks and potentially change the configuration of Zabbix Frontend."
"value": "After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend."
}
]
},
@ -87,8 +87,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20384"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20384",
"name": "https://support.zabbix.com/browse/ZBX-20384"
}
]
},