admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-03 18:00:36 +00:00
parent 540edec517
commit 653108d176
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 458 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/21xxx/CVE-2022-21618.json
View File

@ -91,6 +91,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1c07902a5e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f76014ae17",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d989953883",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/"
}
]
}

15
2022/21xxx/CVE-2022-21619.json
View File

@ -112,6 +112,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1c07902a5e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-361f34f2a9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f76014ae17",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d989953883",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/"
}
]
}

15
2022/21xxx/CVE-2022-21624.json
View File

@ -112,6 +112,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1c07902a5e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-361f34f2a9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f76014ae17",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d989953883",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/"
}
]
}

10
2022/21xxx/CVE-2022-21626.json
View File

@ -99,6 +99,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1c07902a5e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-361f34f2a9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d989953883",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/"
}
]
}

15
2022/21xxx/CVE-2022-21628.json
View File

@ -112,6 +112,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-1c07902a5e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-361f34f2a9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f76014ae17",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d989953883",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/"
}
]
}

5
2022/37xxx/CVE-2022-37454.json
View File

@ -96,6 +96,11 @@
"refsource": "DEBIAN",
"name": "DSA-5269",
"url": "https://www.debian.org/security/2022/dsa-5269"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-1ecc10276e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"
}
]
}

5
2022/39xxx/CVE-2022-39399.json
View File

@ -94,6 +94,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-5d494ab9ab",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f76014ae17",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/"
}
]
}

5
2022/3xxx/CVE-2022-3602.json
View File

@ -236,6 +236,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
}
]
}

96
2022/3xxx/CVE-2022-3675.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fedora Project",
"product": {
"product_data": [
{
"product_name": "CoreOS",
"version": {
"version_data": [
{
"version_value": "testing 36.20220906.2.0 and later",
"version_affected": "="
},
{
"version_value": "next 36.20220906.1.0 and later",
"version_affected": "="
},
{
"version_value": "stable 36.20220820.3.0 and later",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333",
"refsource": "MISC",
"name": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
},
{
"url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
},
{
"url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/",
"refsource": "MISC",
"name": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}

5
2022/3xxx/CVE-2022-3786.json
View File

@ -236,6 +236,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
}
]
}

79
2022/3xxx/CVE-2022-3852.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "innate-images-llc",
"product": {
"product_data": [
{
"product_name": "VR Calendar",
"version": {
"version_data": [
{
"version_value": "*",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/browser/vr-calendar-sync/tags/2.3.2/Admin/Classes/VRCalendarAdmin.class.php#L133",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vr-calendar-sync/tags/2.3.2/Admin/Classes/VRCalendarAdmin.class.php#L133"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2809350%40vr-calendar-sync&new=2809350%40vr-calendar-sync&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2809350%40vr-calendar-sync&new=2809350%40vr-calendar-sync&sfp_email=&sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3852",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3852"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

55
2022/42xxx/CVE-2022-42750.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://candidats.net/",
"url": "https://candidats.net/"
},
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/castles/",
"url": "https://fluidattacks.com/advisories/castles/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user."
}
]
}

55
2022/42xxx/CVE-2022-42751.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/londra/",
"url": "https://fluidattacks.com/advisories/londra/"
},
{
"refsource": "MISC",
"name": "https://candidats.net/",
"url": "https://candidats.net/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions."
}
]
}

55
2022/42xxx/CVE-2022-42753.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SalonERP",
"version": {
"version_data": [
{
"version_value": "3.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://salonerp.sourceforge.io/",
"url": "https://salonerp.sourceforge.io/"
},
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/hardway/",
"url": "https://fluidattacks.com/advisories/hardway/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks."
}
]
}

56
2022/43xxx/CVE-2022-43372.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/emlog/emlog/issues/195",
"refsource": "MISC",
"name": "https://github.com/emlog/emlog/issues/195"
}
]
}