mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
286373011a
commit
46ca4fbcf4
@ -79,8 +79,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-75210"
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-75210",
|
||||
"name": "https://support.lenovo.com/us/en/product_security/LEN-75210"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed.\nXCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected."
|
||||
"value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -73,8 +73,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074",
|
||||
"name": "https://support.lenovo.com/us/en/product_security/LEN-72074"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -79,8 +79,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-75210"
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-75210",
|
||||
"name": "https://support.lenovo.com/us/en/product_security/LEN-75210"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,99 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42700",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Inkscape Out-of-bounds Read"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Inkscape",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "0.91"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inkscape"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.3,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125 Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,99 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42702",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Inkscape Access of Uninitialized Pointer"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Inkscape",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "0.91"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inkscape"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Inkscape version 0.19 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.3,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-824 Access of Uninitialized Pointer"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,99 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
|
||||
"ID": "CVE-2021-42704",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Inkscape Out-of-bounds Write"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Inkscape",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "0.91"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inkscape"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787 Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -123,8 +123,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
"refsource": "MISC",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
|
||||
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -123,8 +123,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
"refsource": "MISC",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
|
||||
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -123,8 +123,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
"refsource": "MISC",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
|
||||
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -123,8 +123,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
"refsource": "MISC",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
|
||||
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -123,8 +123,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
"refsource": "MISC",
|
||||
"url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
|
||||
"name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,99 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@snowsoftware.com",
|
||||
"ID": "CVE-2022-0883",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Windows Unquoted/Trusted Service Paths"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Snow License Manager",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_name": "9",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "SNOW"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Software One"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-428 Unquoted Search Path or Element"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
|
||||
"name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to SLM SLM 9.20.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -79,8 +79,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-79452"
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.lenovo.com/us/en/product_security/LEN-79452",
|
||||
"name": "https://support.lenovo.com/us/en/product_security/LEN-79452"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-1734",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "kernel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Linux kernel versions prior to 5.18-rc6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098",
|
||||
"url": "https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,15 +4,148 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-22787",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@zoom.us",
|
||||
"DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
|
||||
"TITLE": "Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings",
|
||||
"AKA": "Zoom Video Communications Inc",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"source": {
|
||||
"defect": [],
|
||||
"advisory": "",
|
||||
"discovery": "USER"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zoom Video Communications Inc",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Zoom Client for Meetings for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "",
|
||||
"version_affected": "<",
|
||||
"version_value": "5.10.0",
|
||||
"platform": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Zoom Client for Meetings for iOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "",
|
||||
"version_affected": "<",
|
||||
"version_value": "5.10.0",
|
||||
"platform": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Zoom Client for Meetings for Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "",
|
||||
"version_affected": "<",
|
||||
"version_value": "5.10.0",
|
||||
"platform": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Zoom Client for Meetings for MacOS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "",
|
||||
"version_affected": "<",
|
||||
"version_value": "5.10.0",
|
||||
"platform": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Zoom Client for Meetings for Windows",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "",
|
||||
"version_affected": "<",
|
||||
"version_value": "5.10.0",
|
||||
"platform": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
|
||||
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
|
||||
}
|
||||
]
|
||||
},
|
||||
"configuration": [],
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "LOW",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
},
|
||||
"exploit": [],
|
||||
"work_around": [],
|
||||
"solution": [],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Ivan Fratric of Google Project Zero"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -4,14 +4,78 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-25161",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf",
|
||||
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://jvn.jp/vu/JVNVU95926817/index.html",
|
||||
"url": "https://jvn.jp/vu/JVNVU95926817/index.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,14 +4,78 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-25162",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
|
||||
},
|
||||
{
|
||||
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf",
|
||||
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://jvn.jp/vu/JVNVU95926817/index.html",
|
||||
"url": "https://jvn.jp/vu/JVNVU95926817/index.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-28924",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2022-28924",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis",
|
||||
"refsource": "MISC",
|
||||
"name": "https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,105 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"DATE_PUBLIC": "2022-05-17T11:20:00.000Z",
|
||||
"ID": "CVE-2022-29445",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Popup Box (WordPress plugin)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "<= 2.1.2",
|
||||
"version_value": "2.1.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Wow-Company"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability discovered by 0xB9 (Patchstack Alliance)"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.8,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Local File Inclusion (LFI)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://wordpress.org/plugins/popup-box/#developers",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wordpress.org/plugins/popup-box/#developers"
|
||||
},
|
||||
{
|
||||
"name": "https://patchstack.com/database/vulnerability/popup-box/wordpress-popup-box-plugin-2-1-2-authenticated-local-file-inclusion-lfi-vulnerability",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://patchstack.com/database/vulnerability/popup-box/wordpress-popup-box-plugin-2-1-2-authenticated-local-file-inclusion-lfi-vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update to 2.2 or higher version."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -4,14 +4,68 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-30596",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "patrick@puiterwijk.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "moodle",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Affects : 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://moodle.org/mod/forum/discuss.php?d=434578",
|
||||
"url": "https://moodle.org/mod/forum/discuss.php?d=434578"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2083583",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083583"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204",
|
||||
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user