admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-04 18:01:36 +00:00
parent e72ab6c988
commit 73759c1fc4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 400 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2022/1xxx/CVE-2022-1584.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.2.16"
}
]
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d"
},
{
"name": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c"
}
]
},
"source": {
"advisory": "69f4ca67-d615-4f25-b2d1-19df7bf1107d",
"discovery": "EXTERNAL"
}
}

4
2022/20xxx/CVE-2022-20734.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system.\r This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.\r "
"value": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20753.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r "
"value": "A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20764.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20770.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r "
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20771.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r "
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20777.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20779.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20780.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20785.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r "
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20794.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20796.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r "
"value": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20799.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2022/20xxx/CVE-2022-20801.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device."
}
]
},
@ -85,4 +85,4 @@
],
"discovery": "INTERNAL"
}
}
}

2
2022/24xxx/CVE-2022-24193.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api."
"value": "CasaOS before v0.2.7 was discovered to contain a command injection vulnerability."
}
]
},

84
2022/25xxx/CVE-2022-25786.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"ID": "CVE-2022-25786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GateManager debug interface is included in production builds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all",
"version_value": "9.7"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-420 Unprotected Alternate Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/",
"name": "https://www.secomea.com/support/cybersecurity-advisory/"
}
]
},
"source": {
"defect": [
"RD-5457"
],
"discovery": "INTERNAL"
}
}

5
2022/27xxx/CVE-2022-27311.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b",
"url": "https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b"
},
{
"refsource": "MISC",
"name": "https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10",
"url": "https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10"
}
]
}

61
2022/29xxx/CVE-2022-29942.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://Talend.com",
"refsource": "MISC",
"name": "https://Talend.com"
},
{
"refsource": "MISC",
"name": "https://www.talend.com/security/incident-response/#CVE-2022-29942",
"url": "https://www.talend.com/security/incident-response/#CVE-2022-29942"
}
]
}

61
2022/29xxx/CVE-2022-29943.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://Talend.com",
"refsource": "MISC",
"name": "https://Talend.com"
},
{
"refsource": "MISC",
"name": "https://www.talend.com/security/incident-response/#CVE-2022-29942",
"url": "https://www.talend.com/security/incident-response/#CVE-2022-29942"
}
]
}

18
2022/30xxx/CVE-2022-30239.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/30xxx/CVE-2022-30240.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2022/30xxx/CVE-2022-30241.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/abodelot/jquery.json-viewer/pull/26",
"refsource": "MISC",
"name": "https://github.com/abodelot/jquery.json-viewer/pull/26"
},
{
"url": "https://www.npmjs.com/package/jquery.json-viewer",
"refsource": "MISC",
"name": "https://www.npmjs.com/package/jquery.json-viewer"
}
]
}
}