"-Synchronized-Data."

CVE Team 2022-10-18 11:00:34 +00:00
parent f627693b11
commit 604543a6df
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 161 additions and 34 deletions


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://beijing.com",
"refsource": "MISC",
"name": "http://beijing.com"
},
{
"url": "http://feishu.com",
"refsource": "MISC",
"name": "http://feishu.com"
},
{
"refsource": "MISC",
"name": "https://github.com/liong007/Feishu/issues/1",
"url": "https://github.com/liong007/Feishu/issues/1"
}
]
}
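Review bot: The record is switched to `"STATE": "PUBLIC"` while `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all still `"n/a"`, even though the description names the vendor, the product and version (Feishu v3.40.3) and the weakness class (untrusted search path). Consumers that match on the `affects` block or on a CWE instead of free text will not associate this entry with the product. The structured fields should carry what the description already states, e.g. `"product_name": "Feishu"`, `"version_value": "3.40.3"`, and a problemtype naming the weakness (presumably CWE-426, to be confirmed). Two of the three references, `http://beijing.com` and `http://feishu.com`, are plain-HTTP home pages and not advisories; the first looks derived from the vendor's name and may be unrelated, so it should be verified or dropped. The CVE-2022-40889 section later on this page has the same `"n/a"` placeholders next to a description that names Phpok 6.1 and a deserialization flaw.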


@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, Authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml` Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations."
"value": "Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, Authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml` Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations."
}
]
},


@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file \/queuing\/login.php of the component Login Page. The manipulation of the argument username\/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/DisguisedRoot\/Exploit\/blob\/main\/SQLInj\/POC"
"url": "https://github.com/DisguisedRoot/Exploit/blob/main/SQLInj/POC",
"refsource": "MISC",
"name": "https://github.com/DisguisedRoot/Exploit/blob/main/SQLInj/POC"
},
{
"url": "https:\/\/vuldb.com\/?id.211186"
"url": "https://vuldb.com/?id.211186",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211186"
}
]
}


@ -57,13 +57,15 @@
"cvss": {
"version": "3.1",
"baseScore": "2.4",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.211187"
"url": "https://vuldb.com/?id.211187",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211187"
}
]
}


@ -57,13 +57,15 @@
"cvss": {
"version": "3.1",
"baseScore": "2.4",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.211188"
"url": "https://vuldb.com/?id.211188",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211188"
}
]
}


@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/jusstSahil\/CSRF-\/blob\/main\/POC"
"url": "https://github.com/jusstSahil/CSRF-/blob/main/POC",
"refsource": "MISC",
"name": "https://github.com/jusstSahil/CSRF-/blob/main/POC"
},
{
"url": "https:\/\/vuldb.com\/?id.211189"
"url": "https://vuldb.com/?id.211189",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211189"
}
]
}


@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/joinia\/webray.com.cn\/blob\/main\/Canteen-Management-System\/Canteensql1.md"
"url": "https://github.com/joinia/webray.com.cn/blob/main/Canteen-Management-System/Canteensql1.md",
"refsource": "MISC",
"name": "https://github.com/joinia/webray.com.cn/blob/main/Canteen-Management-System/Canteensql1.md"
},
{
"url": "https:\/\/vuldb.com\/?id.211192"
"url": "https://vuldb.com/?id.211192",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211192"
}
]
}


@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/joinia\/webray.com.cn\/blob\/main\/Canteen-Management-System\/Canteensql2.md"
"url": "https://github.com/joinia/webray.com.cn/blob/main/Canteen-Management-System/Canteensql2.md",
"refsource": "MISC",
"name": "https://github.com/joinia/webray.com.cn/blob/main/Canteen-Management-System/Canteensql2.md"
},
{
"url": "https:\/\/vuldb.com\/?id.211193"
"url": "https://vuldb.com/?id.211193",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211193"
}
]
}


@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file \/csms\/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/souravkr529\/CSRF-in-Cold-Storage-Management-System\/blob\/main\/PoC"
"url": "https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC",
"refsource": "MISC",
"name": "https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC"
},
{
"url": "https:\/\/vuldb.com\/?id.211194"
"url": "https://vuldb.com/?id.211194",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211194"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/qinggan/phpok/issues/13",
"refsource": "MISC",
"name": "https://github.com/qinggan/phpok/issues/13"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/T4rnRookie/e644c1dd8e025ab10fc3e3e4bfad2161",
"url": "https://gist.github.com/T4rnRookie/e644c1dd8e025ab10fc3e3e4bfad2161"
}
]
}