admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-04-26 19:01:38 +00:00
parent 361c4c0b11
commit 3390c42fa8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 504 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2021/20xxx/CVE-2021-20609.json
View File

@ -52,25 +52,25 @@
"version_value": "MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior"
},
{
"version_value": "MELSEC Q Series Q12DCCPU-V All versions"
"version_value": "MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) All versions"
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS All versions"
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series MR-MQ100 All versions"
"version_value": "MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DCPU-S1 All versions"
"version_value": "MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DSCPU All versions"
},
{
"version_value": "MELSEC Q Series Q170MCPU All versions"
"version_value": "MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q170MSCPU(-S1) All versions"
@ -128,7 +128,7 @@
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
}
]
}

14
2021/20xxx/CVE-2021-20610.json
View File

@ -52,25 +52,25 @@
"version_value": "MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior"
},
{
"version_value": "MELSEC Q Series Q12DCCPU-V All versions"
"version_value": "MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) All versions"
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS All versions"
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series MR-MQ100 All versions"
"version_value": "MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DCPU-S1 All versions"
"version_value": "MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DSCPU All versions"
},
{
"version_value": "MELSEC Q Series Q170MCPU All versions"
"version_value": "MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q170MSCPU(-S1) All versions"
@ -128,7 +128,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
}
]
}

14
2021/20xxx/CVE-2021-20611.json
View File

@ -52,25 +52,25 @@
"version_value": "MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior"
},
{
"version_value": "MELSEC Q Series Q12DCCPU-V All versions"
"version_value": "MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) All versions"
"version_value": "MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS All versions"
"version_value": "MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior"
},
{
"version_value": "MELSEC Q Series MR-MQ100 All versions"
"version_value": "MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DCPU-S1 All versions"
"version_value": "MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q172/173DSCPU All versions"
},
{
"version_value": "MELSEC Q Series Q170MCPU All versions"
"version_value": "MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior"
},
{
"version_value": "MELSEC Q Series Q170MSCPU(-S1) All versions"
@ -128,7 +128,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
"value": "Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions \"24\" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"57\" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions \"29\" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. \"23121\" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. \"23071\" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. \"24031\" and prior, MELSEC Q Series MR-MQ100 Operating system software version \"F\" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version \"W\" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version \"W\" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. \"23121\" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. \"23121\" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery."
}
]
}

89
2021/26xxx/CVE-2021-26628.json
View File

@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "MaxBoard XSS and File Upload Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MaxBoard",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<=",
"version_value": "1.9.6"
}
]
}
}
]
},
"vendor_name": "No Vendor Information"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66673",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66673"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

81
2021/26xxx/CVE-2021-26629.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "tobesoft XPLATFORM Path Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XPLATFORM",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_value": "9.2.2.280"
}
]
}
}
]
},
"vendor_name": "tobesoft Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern \u2018..\\\u2019."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66674",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66674"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

93
2021/36xxx/CVE-2021-36867.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-26T07:49:00.000Z",
"ID": "CVE-2021-36867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Psychological tests & quizzes (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 0.21.19",
"version_value": "0.21.19"
}
]
}
}
]
},
"vendor_name": "Alexander Ustimenko"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wp-testing/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-testing/"
},
{
"name": "https://patchstack.com/database/vulnerability/wp-testing/wordpress-psychological-tests-quizzes-plugin-0-21-19-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/wp-testing/wordpress-psychological-tests-quizzes-plugin-0-21-19-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2021/36xxx/CVE-2021-36895.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-26T06:54:00.000Z",
"ID": "CVE-2021-36895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tripetto (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 5.1.4",
"version_value": "5.1.4"
}
]
}
}
]
},
"vendor_name": "Tripetto"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/tripetto/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/tripetto/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/tripetto/wordpress-tripetto-plugin-5-1-4-unauthenticated-cross-site-scripting-xss-vulnerability-via-svg-image-upload",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/tripetto/wordpress-tripetto-plugin-5-1-4-unauthenticated-cross-site-scripting-xss-vulnerability-via-svg-image-upload"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 5.2.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

60
2022/1xxx/CVE-2022-1466.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1466",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "rhsso",
"version": {
"version_data": [
{
"version_value": "rhsso 7.5.0.GA"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2050228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050228"
},
{
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt"
},
{
"refsource": "MISC",
"name": "https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076",
"url": "https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted."
}
]
}

2
2022/24xxx/CVE-2022-24866.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds.\n"
"value": "Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds."
}
]
},

93
2022/27xxx/CVE-2022-27854.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-26T13:33:00.000Z",
"ID": "CVE-2022-27854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Psychological tests & quizzes (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 0.21.19",
"version_value": "0.21.19"
}
]
}
}
]
},
"vendor_name": "Alexander Ustimenko"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wp-testing/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-testing/"
},
{
"name": "https://patchstack.com/database/vulnerability/wp-testing/wordpress-psychological-tests-quizzes-plugin-0-21-19-authenticated-stored-cross-site-scripting-xss-vulnerability-1",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/wp-testing/wordpress-psychological-tests-quizzes-plugin-0-21-19-authenticated-stored-cross-site-scripting-xss-vulnerability-1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}