admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-03-28 13:01:29 +00:00
parent 0387ab9031
commit 6a203f305e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 214 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2021/43xxx/CVE-2021-43725.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/spotweb/spotweb/issues/718",
"refsource": "MISC",
"name": "https://github.com/spotweb/spotweb/issues/718"
},
{
"url": "https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1",
"refsource": "MISC",
"name": "https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1"
}
]
}

110
2022/0xxx/CVE-2022-0342.json
View File

@ -1 +1,109 @@
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2022-0342"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"USG/ZyWALL series firmware","version":{"version_data":[{"version_value":"4.20 through 4.70"}]}},{"product_name":"USG FLEX series firmware","version":{"version_data":[{"version_value":"4.50 through 5.20"}]}},{"product_name":"ATP series firmware","version":{"version_data":[{"version_value":"4.32 through 5.20"}]}},{"product_name":"VPN series firmware","version":{"version_data":[{"version_value":"4.30 through 5.20"}]}},{"product_name":"NSG series firmware","version":{"version_data":[{"version_value":"1.20 through 1.33 Patch 4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-287: Improper Authentication"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml","url":"https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"}]},"impact":{"cvss":{"baseScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."}]}}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "USG/ZyWALL series firmware",
"version": {
"version_data": [
{
"version_value": "4.20 through 4.70"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.20"
}
]
}
},
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.20"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_value": "4.30 through 5.20"
}
]
}
},
{
"product_name": "NSG series firmware",
"version": {
"version_data": [
{
"version_value": "1.20 through 1.33 Patch 4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."
}
]
}
}

56
2022/23xxx/CVE-2022-23884.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-23884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://s3.bmp.ovh/imgs/2022/01/962e0c75f5969cfb.png",
"refsource": "MISC",
"name": "https://s3.bmp.ovh/imgs/2022/01/962e0c75f5969cfb.png"
}
]
}