admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-06 02:00:36 +00:00
parent 44efa1d2ea
commit 3805e9b202
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 96 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2022/34xxx/CVE-2022-34881.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hirt@hitachi.co.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi",
"product": {
"product_data": [
{
"product_name": "JP1/Automatic Operation",
"version": {
"version_data": [
{
"version_value": "10-00",
"version_affected": "="
},
{
"version_value": "11-00",
"version_affected": "="
},
{
"version_value": "12-00",
"version_affected": "="
},
{
"version_value": "10-52",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-140/index.html",
"refsource": "MISC",
"name": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-140/index.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "hitachi-sec-2022-140",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

17
2022/40xxx/CVE-2022-40603.json
View File

@ -3,8 +3,9 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "PSIRT@zyxel.com.tw",
"ID": "CVE-2022-40603"
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-40603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -23,7 +24,7 @@
]
}
},
{
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
@ -33,7 +34,7 @@
]
}
},
{
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
@ -43,7 +44,7 @@
]
}
},
{
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
@ -53,7 +54,7 @@
]
}
}
]
]
}
}
]
@ -91,8 +92,8 @@
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victims browser."
"value": "A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim\u2019s browser."
}
]
}
}
}