admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-23 15:00:35 +00:00
parent 9b0a0476b2
commit 387611a1eb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
30 changed files with 1698 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/1xxx/CVE-2022-1996.json
View File

@ -104,6 +104,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-30c5ed5625",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
}
]
},

5
2022/20xxx/CVE-2022-20824.json
View File

@ -71,6 +71,11 @@
"name": "20220824 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0001/"
}
]
},

5
2022/21xxx/CVE-2022-21233.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0002/"
}
]
},

50
2022/23xxx/CVE-2022-23144.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ZXvSTB",
"version": {
"version_data": [
{
"version_value": "All versions up to ZXvSTB-CAMSV2.01.02.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "access control vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system."
}
]
}

5
2022/27xxx/CVE-2022-27664.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-45097317b4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
}
]
}

5
2022/28xxx/CVE-2022-28948.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/go-yaml/yaml/issues/666",
"refsource": "MISC",
"name": "https://github.com/go-yaml/yaml/issues/666"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0006/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0006/"
}
]
}

5
2022/32xxx/CVE-2022-32189.json
View File

@ -90,6 +90,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1f829990f0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH4RHZUO6LPJKGF2UZSD2UZOCIGHUI5E/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220923-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220923-0003/"
}
]
},

93
2022/35xxx/CVE-2022-35238.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-15T09:03:00.000Z",
"ID": "CVE-2022-35238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Awesome Filterable Portfolio (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.7",
"version_value": "1.9.7"
}
]
}
}
]
},
"vendor_name": "BriniA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-plugin-settings-change-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-plugin-settings-change-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/awesome-filterable-portfolio/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/awesome-filterable-portfolio/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36388.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-12T09:47:00.000Z",
"ID": "CVE-2022-36388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "YDS Support Ticket System (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Ydesignservices"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/yds-support-ticket-system/wordpress-yds-support-ticket-system-plugin-1-0-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/yds-support-ticket-system/wordpress-yds-support-ticket-system-plugin-1-0-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/yds-support-ticket-system/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/yds-support-ticket-system/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/36xxx/CVE-2022-36791.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-02T08:16:00.000Z",
"ID": "CVE-2022-36791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Torro Forms (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.16",
"version_value": "1.0.16"
}
]
}
}
]
},
"vendor_name": "Awesome UG"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/torro-forms/wordpress-torro-forms-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/torro-forms/wordpress-torro-forms-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/torro-forms/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/torro-forms/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/37xxx/CVE-2022-37328.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-02T08:38:00.000Z",
"ID": "CVE-2022-37328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "History Timeline (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.5",
"version_value": "1.0.5"
}
]
}
}
]
},
"vendor_name": "Themes Awesome"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/timeline-awesome/wordpress-history-timeline-plugin-1-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/timeline-awesome/wordpress-history-timeline-plugin-1-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/timeline-awesome/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/timeline-awesome/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/37xxx/CVE-2022-37342.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-12T09:54:00.000Z",
"ID": "CVE-2022-37342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Add Shortcodes Actions And Filters (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.0.9",
"version_value": "2.0.9"
}
]
}
}
]
},
"vendor_name": "Michael Simpson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/add-actions-and-filters/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/add-actions-and-filters/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/38xxx/CVE-2022-38061.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-22T11:39:00.000Z",
"ID": "CVE-2022-38061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Export Post Info (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.0",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Apasionados"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Mika (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/export-post-info/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/export-post-info/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-2-0-authenticated-csv-injection-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-2-0-authenticated-csv-injection-vulnerability/_s_id=cve"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.2.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/38xxx/CVE-2022-38085.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-12T10:34:00.000Z",
"ID": "CVE-2022-38085",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Read more By Adam (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.1.8",
"version_value": "1.1.8"
}
]
}
}
]
},
"vendor_name": "Adam Skaat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/read-more/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/read-more/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/38xxx/CVE-2022-38460.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-14T08:56:00.000Z",
"ID": "CVE-2022-38460",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress NOTICE BOARD plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NOTICE BOARD (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Jitendriya Tripathy"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/notice-board/wordpress-notice-board-plugin-1-1-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/notice-board/wordpress-notice-board-plugin-1-1-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/notice-board/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/notice-board/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

17
2022/38xxx/CVE-2022-38667.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used."
"value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."
}
]
},
@ -52,10 +52,25 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/372.html",
"url": "https://cwe.mitre.org/data/definitions/372.html"
},
{
"url": "https://github.com/CrowCpp/Crow/pull/524",
"refsource": "MISC",
"name": "https://github.com/CrowCpp/Crow/pull/524"
},
{
"refsource": "MISC",
"name": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md",
"url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"
},
{
"refsource": "MISC",
"name": "https://gynvael.coldwind.pl/?id=753",
"url": "https://gynvael.coldwind.pl/?id=753"
}
]
}

12
2022/38xxx/CVE-2022-38668.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB."
"value": "HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB."
}
]
},
@ -56,6 +56,16 @@
"url": "https://github.com/CrowCpp/Crow/pull/523",
"refsource": "MISC",
"name": "https://github.com/CrowCpp/Crow/pull/523"
},
{
"refsource": "MISC",
"name": "https://gynvael.coldwind.pl/?id=752",
"url": "https://gynvael.coldwind.pl/?id=752"
},
{
"refsource": "MISC",
"name": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38668.md",
"url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38668.md"
}
]
}

101
2022/3xxx/CVE-2022-3257.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-3257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Server-side Denial of Service while processing a specifically crafted GIF file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.1.x"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Philippe Antoine (catenacyber) for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/",
"name": "https://mattermost.com/security-updates/"
},
{
"refsource": "MISC",
"url": "https://hackerone.com/reports/1620170",
"name": "https://hackerone.com/reports/1620170"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update Mattermost to version v7.2 or higher."
}
],
"source": {
"advisory": "MMSA-2022-00115",
"defect": [
"https://mattermost.atlassian.net/browse/MM-45503"
],
"discovery": "EXTERNAL"
}
}

93
2022/40xxx/CVE-2022-40193.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-15T09:25:00.000Z",
"ID": "CVE-2022-40193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Awesome Filterable Portfolio (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.7",
"version_value": "1.9.7"
}
]
}
}
]
},
"vendor_name": "BriniA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/awesome-filterable-portfolio/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/awesome-filterable-portfolio/"
},
{
"name": "https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/awesome-filterable-portfolio/wordpress-awesome-filterable-portfolio-plugin-1-9-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/40xxx/CVE-2022-40195.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-12T10:46:00.000Z",
"ID": "CVE-2022-40195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCA Predict (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.3",
"version_value": "1.0.3"
}
]
}
}
]
},
"vendor_name": "PCA Predict"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/address-email-and-phone-validation/wordpress-pca-predict-plugin-1-0-3-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/address-email-and-phone-validation/wordpress-pca-predict-plugin-1-0-3-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/address-email-and-phone-validation/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/address-email-and-phone-validation/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/40xxx/CVE-2022-40310.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-14T07:01:00.000Z",
"ID": "CVE-2022-40310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Rate my Post \u2013 WP Rating System plugin <= 3.3.4 - Race Condition vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rate my Post \u2013 WP Rating System (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.3.4",
"version_value": "3.3.4"
}
]
}
}
]
},
"vendor_name": "Blaz K."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (subscriber+) Race Condition vulnerability in Rate my Post \u2013 WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/rate-my-post/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/rate-my-post/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-race-condition-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-race-condition-vulnerability/_s_id=cve"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.3.5 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/40xxx/CVE-2022-40671.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-14T06:46:00.000Z",
"ID": "CVE-2022-40671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Rate my Post \u2013 WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rate my Post \u2013 WP Rating System (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.3.4",
"version_value": "3.3.4"
}
]
}
}
]
},
"vendor_name": "Blaz K."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post \u2013 WP Rating System plugin <= 3.3.4 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/rate-my-post/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/rate-my-post/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.3.5 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

93
2022/40xxx/CVE-2022-40672.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-15T10:50:00.000Z",
"ID": "CVE-2022-40672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPO Shortcodes (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.5.0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "WPChill"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/cpo-shortcodes/wordpress-cpo-shortcodes-plugin-1-5-0-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/cpo-shortcodes/wordpress-cpo-shortcodes-plugin-1-5-0-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/cpo-shortcodes/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/cpo-shortcodes/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

56
2022/40xxx/CVE-2022-40851.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md"
}
]
}

56
2022/40xxx/CVE-2022-40854.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md"
}
]
}

56
2022/40xxx/CVE-2022-40855.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formSetPortMapping.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formSetPortMapping.md"
}
]
}

56
2022/40xxx/CVE-2022-40861.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/formSetQosBand.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/formSetQosBand.md"
}
]
}

56
2022/40xxx/CVE-2022-40866.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40866",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/setDebugCfg.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/setDebugCfg.md"
}
]
}

56
2022/40xxx/CVE-2022-40867.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formIPMacBindDel.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formIPMacBindDel.md"
}
]
}

56
2022/40xxx/CVE-2022-40868.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formDelDhcpRule.md",
"refsource": "MISC",
"name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formDelDhcpRule.md"
}
]
}