mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
3b4d33f5f0
commit
373da8464e
@ -19,7 +19,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022, 2021, 2020, 2019"
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -46,18 +46,8 @@
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1237/",
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1237/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-478/",
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-478/"
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -65,7 +55,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code."
|
||||
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022, 2021, 2020, 2019"
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -46,13 +46,8 @@
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-446/",
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-446/"
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022, 2021, 2020, 2019"
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -46,13 +46,8 @@
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-470/",
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-470/"
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-5096",
|
||||
"url": "https://www.debian.org/security/2022/dsa-5096"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -58,6 +58,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-2d112d4480",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -5,13 +5,13 @@
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-1246",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate is a reservation duplicate of CVE-2022-1280. Notes: All CVE users should reference CVE-2022-1280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,63 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-1280",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "kernel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "kernel 5.17.x"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openwall.com/lists/oss-security/2022/04/12/3",
|
||||
"url": "https://www.openwall.com/lists/oss-security/2022/04/12/3"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,118 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"ID": "CVE-2022-1332",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.4",
|
||||
"version_value": "6.4.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.3",
|
||||
"version_value": "6.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.2",
|
||||
"version_value": "6.2.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "5.37",
|
||||
"version_value": "5.37.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Mattermost "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Information Exposure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://mattermost.com/security-updates/",
|
||||
"name": "https://mattermost.com/security-updates/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update Mattermost to version v6.4.2, 6.3.5, 6.2.5, or 5.37.9, depending on the minor version being run"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "MMSA-2022-0094",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-42271"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,103 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"ID": "CVE-2022-1333",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost Playbooks",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "Playbooks",
|
||||
"version_value": "1.24"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Mattermost "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 3.5,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://mattermost.com/security-updates/",
|
||||
"name": "https://mattermost.com/security-updates/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher. "
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "MMSA-2022-0093",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-41918"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,130 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"ID": "CVE-2022-1337",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "OOM DoS in Mattermost image proxy"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.4",
|
||||
"version_value": "6.4.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.3",
|
||||
"version_value": "6.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.2",
|
||||
"version_value": "6.2.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "5.37",
|
||||
"version_value": "5.37.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Mattermost"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The local image proxy must be enabled for this issue to become exploitable. This is a non-default configuration."
|
||||
}
|
||||
],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Thanks to Agniva de Sarker for contributing to this improvement under the Mattermost responsible disclosure policy."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400 Uncontrolled Resource Consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://mattermost.com/security-updates/",
|
||||
"name": "https://mattermost.com/security-updates/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to Mattermost version 6.4.2, 6.3.5, 6.2.5, or 5.37.9."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "MMSA-2022-0090",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-41919"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
},
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Disable the image proxy or use an external proxy."
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -73,6 +73,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -73,6 +73,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -73,6 +73,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -73,6 +73,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -69,6 +69,16 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-43217f0ba7",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-be015e0331",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22955",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Authentication bypass"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22956",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Authentication bypass"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22957",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Remote code execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22958",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Remote code execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22959",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross site request forgery"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22960",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Privilege escalation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22961",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Information disclosure"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
|
||||
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-25795",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@autodesk.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Untrusted Pointer Dereference"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-25797",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@autodesk.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Autodesk Trueview",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Memory Corruption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,75 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@citrix.com",
|
||||
"ID": "CVE-2022-27503",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "StoreFront",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1912",
|
||||
"version_value": "CU5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "3.12",
|
||||
"version_value": "CU9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Citrix"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross-site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.citrix.com/article/CTX377814",
|
||||
"name": "https://support.citrix.com/article/CTX377814"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,70 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@citrix.com",
|
||||
"DATE_PUBLIC": "2022-04-12T18:45:00.000Z",
|
||||
"ID": "CVE-2022-27505",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Citrix SD-WAN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "Citrix SD-WAN Standard/Premium Edition Appliance versions 11.4.1a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Citirx"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Reflected cross site scripting (XSS)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross-site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.citrix.com/article/CTX370550",
|
||||
"name": "https://support.citrix.com/article/CTX370550"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,77 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@citrix.com",
|
||||
"DATE_PUBLIC": "2022-04-12T18:45:00.000Z",
|
||||
"ID": "CVE-2022-27506",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Citrix SD-WAN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "Citrix SD-WAN Center Management Console versions 11.4.3 "
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "Citrix SD-WAN Standard/Premium Edition Appliance versions 11.4.1"
|
||||
},
|
||||
{
|
||||
"version_value": "Citrix SD-WAN Orchestrator for On-Premises versions 13.2.1 "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Citirx"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-798 Use of Hard-coded Credentials"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.citrix.com/article/CTX370550",
|
||||
"name": "https://support.citrix.com/article/CTX370550"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-27523",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@autodesk.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Autodesk Trueview",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer Over Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-27524",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@autodesk.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Autodesk Trueview",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2022.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Out-of-bound Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
|
||||
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,105 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"DATE_PUBLIC": "2022-04-11T17:36:00.000Z",
|
||||
"ID": "CVE-2022-27846",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Yoo Slider \u2013 Image Slider & Video Slider (WordPress plugin)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "<= 2.0.0",
|
||||
"version_value": "2.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Yooslider"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://wordpress.org/plugins/yoo-slider/#developers",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wordpress.org/plugins/yoo-slider/#developers"
|
||||
},
|
||||
{
|
||||
"name": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability-leading-to-slider-creation-modification",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability-leading-to-slider-creation-modification"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update to 2.1.0 or higher version."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,105 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"DATE_PUBLIC": "2022-04-11T17:36:00.000Z",
|
||||
"ID": "CVE-2022-27847",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Yoo Slider \u2013 Image Slider & Video Slider (WordPress plugin)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "<= 2.0.0",
|
||||
"version_value": "2.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Yooslider"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://wordpress.org/plugins/yoo-slider/#developers",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wordpress.org/plugins/yoo-slider/#developers"
|
||||
},
|
||||
{
|
||||
"name": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability-leading-to-template-import",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability-leading-to-template-import"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update to 2.1.0 or higher version."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -61,6 +61,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-af492757d9",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-5cd9d787dc",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-91633399ff",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -61,6 +61,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-af492757d9",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-5cd9d787dc",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-91633399ff",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -61,6 +61,16 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-af492757d9",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-5cd9d787dc",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2022-91633399ff",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user