admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #649 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2022-08-01 11:36:23 -04:00 committed by GitHub
commit 598fc0f0c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
359 changed files with 9886 additions and 702 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/13xxx/CVE-2020-13692.json
View File

@ -116,6 +116,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-5a31ccfe66",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5196",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
}

5
2020/8xxx/CVE-2020-8218.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
},
{
"refsource": "MISC",
"name": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/",
"url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
}
]
},

5
2020/8xxx/CVE-2020-8238.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
},
{
"refsource": "MISC",
"name": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/",
"url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
}
]
},

5
2020/8xxx/CVE-2020-8256.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
},
{
"refsource": "MISC",
"name": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/",
"url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
}
]
},

4
2021/24xxx/CVE-2021-24347.json
View File

@ -66,7 +66,7 @@
{
"description": [
{
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"value": "CWE-178 Improper Handling of Case Sensitivity",
"lang": "eng"
}
]
@ -82,4 +82,4 @@
"source": {
"discovery": "UNKNOWN"
}
}
}

8
2021/24xxx/CVE-2021-24349.json
View File

@ -60,6 +60,14 @@
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},

4
2021/24xxx/CVE-2021-24728.json
View File

@ -66,7 +66,7 @@
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
@ -82,4 +82,4 @@
"source": {
"discovery": "UNKNOWN"
}
}
}

2
2021/24xxx/CVE-2021-24739.json
View File

@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-285 Improper Authorization",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]

8
2021/24xxx/CVE-2021-24822.json
View File

@ -60,6 +60,14 @@
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},

12
2021/24xxx/CVE-2021-24836.json
View File

@ -56,7 +56,15 @@
{
"description": [
{
"value": "CWE-863 Incorrect Authorization",
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
@ -72,4 +80,4 @@
"source": {
"discovery": "EXTERNAL"
}
}
}

4
2021/25xxx/CVE-2021-25094.json
View File

@ -66,7 +66,7 @@
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"value": "CWE-306 Missing Authentication for Critical Function",
"lang": "eng"
}
]
@ -82,4 +82,4 @@
"source": {
"discovery": "EXTERNAL"
}
}
}

5
2021/40xxx/CVE-2021-40180.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://arxiv.org/pdf/2205.15202.pdf",
"url": "https://arxiv.org/pdf/2205.15202.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf",
"url": "https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf"
}
]
}

4
2022/0xxx/CVE-2022-0594.json
View File

@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-200 Information Exposure",
"value": "CWE-863 Incorrect Authorization",
"lang": "eng"
}
]
@ -72,4 +72,4 @@
"source": {
"discovery": "EXTERNAL"
}
}
}

89
2022/0xxx/CVE-2022-0598.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-0598",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Login with phone number <= 1.3.7 - Multiple Admin+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Login with phone number",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3.7",
"version_value": "1.3.7"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login with phone number WordPress plugin through 1.3.7 do not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4688d39e-ac9b-47f5-a4c1-f9548b63c68c",
"name": "https://wpscan.com/vulnerability/4688d39e-ac9b-47f5-a4c1-f9548b63c68c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Michal Lipinski"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/1xxx/CVE-2022-1324.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1324",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Event Timeline Vertical Timeline",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.5",
"version_value": "1.1.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd",
"name": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Fayçal CHENA"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

10
2022/1xxx/CVE-2022-1391.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-1391",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Cab fare calculator <= 1.0.3 - Unauthenticated LFI"
"TITLE": "Cab fare calculator < 1.0.4 - Unauthenticated LFI"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.3",
"version_value": "1.0.3"
"version_affected": "<",
"version_name": "1.0.4",
"version_value": "1.0.4"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues."
"value": "The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues."
}
]
},

126
2022/1xxx/CVE-2022-1561.json
View File

@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-07-29T08:00:00.000Z",
"ID": "CVE-2022-1561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Crafted backend URLs in Lura Project"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lura Project",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.2",
"version_value": "v2.0.2"
}
]
}
},
{
"product_name": "KrakenD-CE",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.2",
"version_value": "v2.0.2"
}
]
}
},
{
"product_name": "KrakenD-EE",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.0",
"version_value": "v2.0.0"
}
]
}
}
]
},
"vendor_name": "KrakenD"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Github user Fepame"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-471: Modification of Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/crafted-backend-urls-lura-project",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/crafted-backend-urls-lura-project"
},
{
"name": "https://www.krakend.io/blog/cve-2022-1561-crafted-backend-urls/",
"refsource": "CONFIRM",
"url": "https://www.krakend.io/blog/cve-2022-1561-crafted-backend-urls/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Lura Project and KrakenD-CE users must upgrade to v2.0.2 or higher. KrakenD-EE users must upgrade to v2.0.0 or higher."
}
],
"source": {
"defect": [
"INC-2022-0049"
],
"discovery": "EXTERNAL"
}
}

87
2022/1xxx/CVE-2022-1585.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1585",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress project source code download",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f",
"name": "https://wpscan.com/vulnerability/e709958c-7bce-45d7-9a0a-6e0ed12cd03f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/1xxx/CVE-2022-1600.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1600",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "YOP Poll < 6.4.3 - IP Spoofing"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "YOP Poll",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4.3",
"version_value": "6.4.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7",
"name": "https://wpscan.com/vulnerability/2b7445fd-0992-47cd-9a48-f5f18d8171f7"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/1xxx/CVE-2022-1906.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1906",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Copyright Proof",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.16",
"version_value": "4.16"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338",
"name": "https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

12
2022/1xxx/CVE-2022-1937.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-1937",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Awin Data Feed <= 1.6 - Reflected Cross-Site Scripting"
"TITLE": "Awin Data Feed < 1.8 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.6",
"version_value": "1.6"
"version_affected": "<",
"version_name": "1.8",
"version_value": "1.8"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting"
"value": "The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting"
}
]
},
@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]

12
2022/1xxx/CVE-2022-1938.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-1938",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Awin Data Feed <= 1.6 - Unauthenticated Stored Cross-Site Scripting"
"TITLE": "Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.6",
"version_value": "1.6"
"version_affected": "<",
"version_name": "1.8",
"version_value": "1.8"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Awin Data Feed WordPress plugin through 1.6 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings"
"value": "The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings"
}
]
},
@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]

87
2022/1xxx/CVE-2022-1950.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1950",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Youzify < 1.2.0 - Unauthenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.0",
"version_value": "1.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d",
"name": "https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

5
2022/21xxx/CVE-2022-21724.json
View File

@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5196",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
},

50
2022/21xxx/CVE-2022-21788.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6879, MT6895, MT6983",
"version": {
"version_data": [
{
"version_value": "Android 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728."
}
]
}

50
2022/21xxx/CVE-2022-21789.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8791, MT8797, MT8798",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101."
}
]
}

50
2022/21xxx/CVE-2022-21790.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6893",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306."
}
]
}

50
2022/21xxx/CVE-2022-21791.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6885, MT6893",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059."
}
]
}

50
2022/21xxx/CVE-2022-21792.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410."
}
]
}

96
2022/22xxx/CVE-2022-22334.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"S": "U",
"AC": "H",
"I": "L",
"A": "N",
"C": "L",
"AV": "N",
"PR": "L",
"SCORE": "4.200",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6608550",
"name": "https://www.ibm.com/support/pages/node/6608550",
"title": "IBM Security Bulletin 6608550 (Robotic Process Automation)",
"refsource": "CONFIRM"
},
{
"name": "ibm-rpa-cve202222334-info-disc (219391)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219391",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22334",
"STATE": "PUBLIC"
}
}

98
2022/22xxx/CVE-2022-22505.json
View File

@ -1,17 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "P",
"PR": "N",
"SCORE": "4.600",
"UI": "N",
"I": "N",
"AC": "L",
"A": "N",
"C": "H",
"S": "U"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22505",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
},
"product_name": "Robotic Process Automation"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6608404",
"name": "https://www.ibm.com/support/pages/node/6608404",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6608404 (Robotic Process Automation)"
},
{
"name": "ibm-rpa-cve202222505-info-disc (227288)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227288",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
}

97
2022/26xxx/CVE-2022-26308.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in Configuration (Credential store) "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"defect": [
"4844"
],
"discovery": "EXTERNAL"
}
}

94
2022/26xxx/CVE-2022-26309.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request en Bulk operation (User operation)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

97
2022/26xxx/CVE-2022-26310.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in User Management to Vertical Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"defect": [
"Ticket#4847"
],
"discovery": "EXTERNAL"
}
}

50
2022/26xxx/CVE-2022-26426.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6893, MT8167, MT8167S, MT8168, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486."
}
]
}

50
2022/26xxx/CVE-2022-26427.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6893",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540."
}
]
}

50
2022/26xxx/CVE-2022-26428.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6739, MT6761, MT6765, MT6771, MT8163, MT8167, MT8173, MT8183, MT8362A, MT8385, MT8695",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260."
}
]
}

50
2022/26xxx/CVE-2022-26429.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6739, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8173, MT8185, MT8321, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415."
}
]
}

50
2022/26xxx/CVE-2022-26430.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521."
}
]
}

50
2022/26xxx/CVE-2022-26431.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553."
}
]
}

50
2022/26xxx/CVE-2022-26432.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542."
}
]
}

50
2022/26xxx/CVE-2022-26433.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400."
}
]
}

50
2022/26xxx/CVE-2022-26434.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450."
}
]
}

50
2022/26xxx/CVE-2022-26435.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435."
}
]
}

50
2022/26xxx/CVE-2022-26436.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6855, MT6879, MT6895, MT6983",
"version": {
"version_data": [
{
"version_value": "Android 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666."
}
]
}

50
2022/26xxx/CVE-2022-26437.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT2621, MT2625",
"version": {
"version_data": [
{
"version_value": "NBIOT SDK V2.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831."
}
]
}

50
2022/26xxx/CVE-2022-26438.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013."
}
]
}

50
2022/26xxx/CVE-2022-26439.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020."
}
]
}

50
2022/26xxx/CVE-2022-26440.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037."
}
]
}

50
2022/26xxx/CVE-2022-26441.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044."
}
]
}

50
2022/26xxx/CVE-2022-26442.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051."
}
]
}

50
2022/26xxx/CVE-2022-26443.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068."
}
]
}

50
2022/26xxx/CVE-2022-26444.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075."
}
]
}

50
2022/26xxx/CVE-2022-26445.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
"version": {
"version_data": [
{
"version_value": "7.6.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/August-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088."
}
]
}

5
2022/26xxx/CVE-2022-26520.json
View File

@ -71,6 +71,11 @@
"url": "https://jdbc.postgresql.org/documentation/head/tomcat.html",
"refsource": "MISC",
"name": "https://jdbc.postgresql.org/documentation/head/tomcat.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5196",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
}

61
2022/27xxx/CVE-2022-27255.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-27255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2022-06-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2022-06-01"
},
{
"refsource": "MISC",
"name": "https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf",
"url": "https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf"
}
]
}

87
2022/2xxx/CVE-2022-2170.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2170",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Microsoft Advertising Universal Event Tracking (UET)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.4",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed",
"name": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chowdhury Faizal Ahammed"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2171.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2171",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Progressive License <= 1.1.0 - CSRF to Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Progressive License",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede",
"name": "https://wpscan.com/vulnerability/11937296-7ecf-4b94-b274-06f7990dbede"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2181.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2181",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced WordPress Reset",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.6",
"version_value": "1.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e",
"name": "https://wpscan.com/vulnerability/68ddf343-6e69-44a7-bd33-72004053d41e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

95
2022/2xxx/CVE-2022-2184.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2184",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "CAPTCHA 4WP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.1.0",
"version_value": "7.1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e777784f-5ba0-4966-be27-e0a0cbbfe056",
"name": "https://wpscan.com/vulnerability/e777784f-5ba0-4966-be27-e0a0cbbfe056"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "ZhongFu Su(JrXnm) of WuHan University"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2215.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2215",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "GiveWP Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb",
"name": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2241.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2241",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Featured Image from URL (FIFU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.0",
"version_value": "4.0.0"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57",
"name": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2245.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2245",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Counter Box WordPress plugin for countdown, timer, counter",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.1",
"version_value": "1.2.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/33705003-1f82-4b0c-9b4b-d4de75da309c",
"name": "https://wpscan.com/vulnerability/33705003-1f82-4b0c-9b4b-d4de75da309c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2260.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2260",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "GiveWP < 2.21.3 - DoS via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "GiveWP Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f",
"name": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

4
2022/2xxx/CVE-2022-2268.json
View File

@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
@ -72,4 +72,4 @@
"source": {
"discovery": "EXTERNAL"
}
}
}

87
2022/2xxx/CVE-2022-2273.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2273",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Simple Membership < 4.1.3 - Membership Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Simple Membership",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.3",
"version_value": "4.1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/724729d9-1c4a-485c-9c90-a27664c47c84",
"name": "https://wpscan.com/vulnerability/724729d9-1c4a-485c-9c90-a27664c47c84"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jet Infosystems"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2278.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2278",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Featured Image from URL (FIFU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.1",
"version_value": "4.0.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4481731d-4dbf-4bfa-b4cc-64f10bb7e7bf",
"name": "https://wpscan.com/vulnerability/4481731d-4dbf-4bfa-b4cc-64f10bb7e7bf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2305.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2305",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Popups WordPress Popup",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.9.3.8",
"version_value": "1.9.3.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ea0180cd-e018-43ea-88b9-fa8e71bf34bf",
"name": "https://wpscan.com/vulnerability/ea0180cd-e018-43ea-88b9-fa8e71bf34bf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2317.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2317",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Simple Membership",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.3",
"version_value": "4.1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/77b7ca19-294c-4480-8f57-6fddfc67fffb",
"name": "https://wpscan.com/vulnerability/77b7ca19-294c-4480-8f57-6fddfc67fffb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jet Infosystems"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2325.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2325",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Invitation Based Registrations",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.2.84",
"version_value": "2.2.84"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c8dcd7a7-5ad4-452c-a6a5-2362986656e4",
"name": "https://wpscan.com/vulnerability/c8dcd7a7-5ad4-452c-a6a5-2362986656e4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "FengTao"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2328.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2328",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Flexi Quote Rotator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.9.4",
"version_value": "0.9.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/dbac391b-fc48-4e5e-b63a-2b3ddb0d5552",
"name": "https://wpscan.com/vulnerability/dbac391b-fc48-4e5e-b63a-2b3ddb0d5552"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2369.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2369",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "YaySMTP Simple WP SMTP Mail",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d",
"name": "https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rafshanzani Suhada"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2370.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2370",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2370",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "YaySMTP Simple WP SMTP Mail",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334",
"name": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rafshanzani Suhada"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

55
2022/2xxx/CVE-2022-2509.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GnuTLS",
"version": {
"version_data": [
{
"version_value": "gnutls 3.7.7(Fixed)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2509",
"url": "https://access.redhat.com/security/cve/CVE-2022-2509"
},
{
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."
}
]
}

176
2022/2xxx/CVE-2022-2522.json
View File

@ -1,89 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2522",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0060"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2522",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0060"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22"
},
{
"name": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089"
}
]
},
"source": {
"advisory": "3a2d83af-9542-4d93-8784-98b115135a22",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22"
},
{
"name": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089"
},
{
"refsource": "MISC",
"name": "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e",
"url": "https://github.com/vim/vim/commit/b9e717367c395490149495cf375911b5d9de889e"
},
{
"refsource": "MISC",
"name": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/",
"url": "https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22/"
}
]
},
"source": {
"advisory": "3a2d83af-9542-4d93-8784-98b115135a22",
"discovery": "EXTERNAL"
}
}

101
2022/2xxx/CVE-2022-2571.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2571",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2571",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0101"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571"
},
{
"name": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614"
}
]
},
"source": {
"advisory": "2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571",
"discovery": "EXTERNAL"
}
}

101
2022/2xxx/CVE-2022-2580.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2580",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0102"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249"
},
{
"name": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d"
}
]
},
"source": {
"advisory": "c5f2f1d4-0441-4881-b19c-055acaa16249",
"discovery": "EXTERNAL"
}
}

101
2022/2xxx/CVE-2022-2581.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2581",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0104"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b"
},
{
"name": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88"
}
]
},
"source": {
"advisory": "0bedbae2-82ae-46ae-aa68-1c28b309b60b",
"discovery": "EXTERNAL"
}
}

101
2022/2xxx/CVE-2022-2589.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2589",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in beancount/fava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "beancount/fava",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.22.3"
}
]
}
}
]
},
"vendor_name": "beancount"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08"
},
{
"name": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539",
"refsource": "MISC",
"url": "https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539"
}
]
},
"source": {
"advisory": "8705800d-cf2f-433d-9c3e-dbef6a3f7e08",
"discovery": "EXTERNAL"
}
}

18
2022/2xxx/CVE-2022-2592.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2593.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2594.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

89
2022/2xxx/CVE-2022-2595.json Normal file
View File

@ -0,0 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2595",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.79.1"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
}
]
},
"source": {
"advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2596.json Normal file
View File

@ -0,0 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2596",
"STATE": "PUBLIC",
"TITLE": "Denial of Service in node-fetch/node-fetch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-fetch/node-fetch",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.2.10"
}
]
}
}
]
},
"vendor_name": "node-fetch"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7"
},
{
"name": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d",
"refsource": "MISC",
"url": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d"
}
]
},
"source": {
"advisory": "a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"discovery": "EXTERNAL"
}
}

18
2022/2xxx/CVE-2022-2597.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

89
2022/2xxx/CVE-2022-2598.json Normal file
View File

@ -0,0 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2598",
"STATE": "PUBLIC",
"TITLE": "Undefined Behavior for Input to API in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0100"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-475 Undefined Behavior for Input to API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e"
},
{
"name": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d"
}
]
},
"source": {
"advisory": "2f08363a-47a2-422d-a7de-ce96a89ad08e",
"discovery": "EXTERNAL"
}
}

18
2022/2xxx/CVE-2022-2599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2600.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

96
2022/30xxx/CVE-2022-30616.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"SCORE": "8.000",
"PR": "H",
"AV": "N",
"A": "H",
"C": "H",
"AC": "H",
"I": "H",
"S": "C"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-30616",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6608430 (Robotic Process Automation)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6608430",
"name": "https://www.ibm.com/support/pages/node/6608430"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"name": "ibm-rpa-cve202230616-priv-esc (227978)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227978"
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

67
2022/30xxx/CVE-2022-30698.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sep@nlnetlabs.nl",
"DATE_PUBLIC": "2022-08-01T00:00:00.000Z",
"ID": "CVE-2022-30698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Novel \"ghost domain names\" attack by introducing subdomain delegations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NLnet Labs",
"product": {
"product_data": [
{
"product_name": "Unbound",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.16.1"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "We would like to thank Xiang Li from the Network and Information Security Lab of Tsinghua University for discovering and disclosing the vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt",
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
}
]
}
}
}

67
2022/30xxx/CVE-2022-30699.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sep@nlnetlabs.nl",
"DATE_PUBLIC": "2022-08-01T00:00:00.000Z",
"ID": "CVE-2022-30699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Novel \"ghost domain names\" attack by updating almost expired delegation information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NLnet Labs",
"product": {
"product_data": [
{
"product_name": "Unbound",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.16.1"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "We would like to thank Xiang Li from the Network and Information Security Lab of Tsinghua University for discovering and disclosing the vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt",
"url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
}
]
}
}
}

92
2022/33xxx/CVE-2022-33169.json
View File

@ -1,17 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6608454 (Robotic Process Automation)",
"url": "https://www.ibm.com/support/pages/node/6608454",
"name": "https://www.ibm.com/support/pages/node/6608454"
},
{
"name": "ibm-rpa-cve202233169-sec-bypass (228888)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228888",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"A": "N",
"C": "N",
"I": "H",
"AC": "H",
"UI": "N",
"AV": "N",
"PR": "L",
"SCORE": "5.300"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.",
"lang": "eng"
}
]
}

7
2022/34xxx/CVE-2022-34115.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId."
"value": "DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/dataease/dataease/issues/2428",
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/issues/2428"
},
{
"refsource": "MISC",
"name": "https://github.com/dataease/dataease/releases/tag/v1.11.2",
"url": "https://github.com/dataease/dataease/releases/tag/v1.11.2"
}
]
}

93
2022/34xxx/CVE-2022-34154.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T13:21:00.000Z",
"ID": "CVE-2022-34154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Enable SVG, WebP & ICO Upload (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "ideasToCode"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-arbitrary-file-upload-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-arbitrary-file-upload-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

88
2022/34xxx/CVE-2022-34338.json
View File

@ -1,17 +1,95 @@
{
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
},
"product_name": "Robotic Process Automation"
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6608606 (Robotic Process Automation)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6608606",
"url": "https://www.ibm.com/support/pages/node/6608606"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229962",
"name": "ibm-rpa-cve202234338-info-disc (229962)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-34338",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"C": "H",
"A": "N",
"AC": "H",
"I": "N",
"UI": "N",
"SCORE": "5.800",
"AV": "N",
"PR": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}

71
2022/34xxx/CVE-2022-34567.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in \\Roaming\\Mango\\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.redteam.tips/mango-vulnerability-disclosure-report/",
"refsource": "MISC",
"name": "https://www.redteam.tips/mango-vulnerability-disclosure-report/"
},
{
"url": "https://ric.uthscsa.edu/mango/index.html",
"refsource": "MISC",
"name": "https://ric.uthscsa.edu/mango/index.html"
},
{
"url": "https://ric.uthscsa.edu/mango/mango.html",
"refsource": "MISC",
"name": "https://ric.uthscsa.edu/mango/mango.html"
},
{
"url": "https://ric.uthscsa.edu/mango/develop.html",
"refsource": "MISC",
"name": "https://ric.uthscsa.edu/mango/develop.html"
}
]
}

84
2022/36xxx/CVE-2022-36301.json
View File

@ -4,15 +4,93 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "BF-OS",
"version": {
"version_data": [
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "Bigfish V3 (Linux)"
},
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "PR21 (Linux)"
},
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "VM (Windows)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password."
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

84
2022/36xxx/CVE-2022-36302.json
View File

@ -4,15 +4,93 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "BF-OS",
"version": {
"version_data": [
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "Bigfish V3 (Linux)"
},
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "PR21 (Linux)"
},
{
"version_value": "3.83",
"version_affected": "<=",
"version_name": "3.0",
"platform": "VM (Windows)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-641 Improper Restriction of Names for Files and Other Resources"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information."
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

93
2022/36xxx/CVE-2022-36343.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-01T13:16:00.000Z",
"ID": "CVE-2022-36343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Enable SVG, WebP & ICO Upload (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "ideasToCode"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

104
2022/36xxx/CVE-2022-36799.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ID": "CVE-2022-36799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.13.19",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.7",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.1",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.13.19",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.7",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-73582",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-73582"
}
]
}
}
}

Some files were not shown because too many files have changed in this diff Show More