"-Synchronized-Data."

CVE Team 2022-04-13 16:01:46 +00:00
parent bc54b46d14
commit 3a5e0631e0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 253 additions and 30 deletions


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-20107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.python.org/issue24778",
"refsource": "MISC",
"name": "https://bugs.python.org/issue24778"
},
{
"url": "https://github.com/python/cpython/issues/68966",
"refsource": "MISC",
"name": "https://github.com/python/cpython/issues/68966"
}
]
}
}
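Review bot: The structured fields of this new record carry no usable data: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`, while the description names Python (CPython) through 3.10.4 and the mailcap module. Tooling that matches on the `affects` block rather than on free text will not associate this entry with CPython, so inventory matching has to fall back on the description until those fields are populated. The description reads as shell command injection, so a problemtype such as `CWE-77` looks appropriate, though that classification is inferred from the text rather than stated in the record. The same `"n/a"` placeholders appear in the CVE-2021-42136 section of this commit.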


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210801 [SECURITY] [DLA 2725-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6834",
"STATE": "PUBLIC"
},
@ -11,7 +11,7 @@
"product": {
"product_data": [
{
"product_name": "Software Update (SESU) SUT Service component",
"product_name": "Software Update (SESU) \u2013 SUT Service component",
"version": {
"version_data": [
{
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-225-06/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-225-06/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-225-06/"
}
]
},
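Review bot: As rendered, the third hunk appears to relabel the vendor advisory from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which drops the only marker in this record that the se.com link is the assigner's own acknowledgement. Consumers that filter or rank on `CONFIRM` to find vendor-confirmed advisories would stop picking up this reference. If the relabel is a deliberate normalisation, the commit message should say so, since the visible title says only "Synchronized-Data". The same change shows up in the CVE-2021-22794, CVE-2021-22795, CVE-2021-22797 and CVE-2022-0221 sections and in the three sections that reference SEVD-2022-067-02.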


@ -61,6 +61,11 @@
"url": "https://github.com/ckolivas/lrzip/issues/163",
"refsource": "MISC",
"name": "https://github.com/ckolivas/lrzip/issues/163"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html"
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22794",
"STATE": "PUBLIC"
},
@ -73,8 +73,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
}
]
},


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22795",
"STATE": "PUBLIC"
},
@ -73,8 +73,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-03/"
}
]
},


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22797",
"STATE": "PUBLIC"
},
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions) "
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)"
}
]
},
@ -94,8 +94,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2021-257-01/"
}
]
},
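Review bot: The description `value` still carries the unbalanced quote in `('Path Traversal)`; the only visible difference between the two `value` lines in the second hunk is the trailing space before the closing quote. Since the string is being rewritten anyway, the CWE name should be closed as `('Path Traversal')` so it matches the CWE-22 title. Text searches and classifiers keyed on the quoted name would then hit this record.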


@ -56,6 +56,11 @@
"url": "https://github.com/ckolivas/lrzip/issues/164",
"refsource": "MISC",
"name": "https://github.com/ckolivas/lrzip/issues/164"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/ckolivas/lrzip/issues/165",
"refsource": "MISC",
"name": "https://github.com/ckolivas/lrzip/issues/165"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.project-redcap.org/",
"refsource": "MISC",
"name": "https://www.project-redcap.org/"
},
{
"refsource": "MISC",
"name": "https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf",
"url": "https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf"
}
]
}
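Review bot: Neither entry in `reference_data` points at an advisory for this issue: one is the product homepage `https://www.project-redcap.org/` and the other is a changelog PDF served from a third-party institutional host (`redcap.med.usc.edu`). The description gives the affected release as REDCap 11.2.5 but names no fixed version, so the record does not show which upgrade remediates the stored XSS. A reference to the specific changelog entry or vendor notice, plus the affected release in `version_value`, would make the entry actionable for patch triage. Old and new lines are interleaved in this rendered section, so the added set is inferred from the `STATE` change from `RESERVED` to `PUBLIC`.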


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@se.com",
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-0221",
"STATE": "PUBLIC"
},
@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) "
"value": "A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)"
}
]
},
@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-087-01/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-087-01/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-087-01/"
}
]
},


@ -90,8 +90,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
]
},


@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
]
},


@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
}
]
},


@ -56,6 +56,11 @@
"url": "https://github.com/nsparker1337/OpenSource/blob/main/Blind_XSS",
"refsource": "MISC",
"name": "https://github.com/nsparker1337/OpenSource/blob/main/Blind_XSS"
},
{
"refsource": "MISC",
"name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Simple-Student-Information",
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Simple-Student-Information"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/ckolivas/lrzip/issues/206",
"refsource": "MISC",
"name": "https://github.com/ckolivas/lrzip/issues/206"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/Apr/1",
"url": "https://seclists.org/fulldisclosure/2022/Apr/1"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/Apr/1",
"url": "https://seclists.org/fulldisclosure/2022/Apr/1"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/Apr/1",
"url": "https://seclists.org/fulldisclosure/2022/Apr/1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}