admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-03 14:00:52 +00:00
parent 04ba0e7e83
commit 4eca307b71
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 182 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/23xxx/CVE-2022-23442.json
View File

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5\u00a0may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs\u00a0via CLI commands."
"value": "An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands."
}
]
}

3
2022/27xxx/CVE-2022-27484.json
View File

@ -71,8 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password\u00a0check\u00a0in the password change form via\u00a0a crafted HTTP request."
"value": "A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request."
}
]
}

61
2022/32xxx/CVE-2022-32292.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1200189",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1200189"
},
{
"refsource": "CONFIRM",
"name": "https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/",
"url": "https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/"
}
]
}

66
2022/32xxx/CVE-2022-32293.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1200190",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1200190"
},
{
"refsource": "CONFIRM",
"name": "https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/",
"url": "https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/",
"url": "https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/"
}
]
}

71
2022/36xxx/CVE-2022-36359.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.djangoproject.com/en/4.0/releases/security/",
"refsource": "MISC",
"name": "https://docs.djangoproject.com/en/4.0/releases/security/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220803 Django: CVE-2022-36359: Potential reflected file download vulnerability in FileResponse.",
"url": "http://www.openwall.com/lists/oss-security/2022/08/03/1"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4",
"url": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4"
},
{
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/"
}
]
}