"-Synchronized-Data."

CVE Team 2022-12-24 22:00:35 +00:00
parent d6f7daf535
commit 750b39d77f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 1385 additions and 835 deletions


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36620",
"TITLE": "Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Brondahl EnumStringValues bis 4.0.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft die Funktion GetStringValuesWithPreferences_Uncache der Datei EnumStringValues/EnumExtensions.cs. Durch Manipulieren mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 4.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c0fc7806beb24883cc2f9543ebc50c0820297307 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,7 +44,8 @@
"version": {
"version_data": [
{
"version_value": "4.0.1"
"version_value": "4.0",
"version_affected": "="
}
]
}
@ -33,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-400 Resource Consumption"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
@ -67,15 +63,31 @@
"refsource": "MISC",
"name": "https://github.com/Brondahl/EnumStringValues/commit/c0fc7806beb24883cc2f9543ebc50c0820297307"
},
{
"url": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.2",
"refsource": "MISC",
"name": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.2"
},
{
"url": "https://vuldb.com/?id.216466",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216466"
},
{
"url": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.1",
"refsource": "MISC",
"name": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
}
]
}
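Review bot: The `version_data` entry `"version_value": "4.0"` with `"version_affected": "="` does not express the range the description states ("up to 4.0.0", fixed in 4.0.1), so a scanner that matches exact version strings can miss affected installs. The CVE JSON 4.0 format accepts range operators, so `"version_value": "4.0.0"` with `"version_affected": "<="` would carry the same meaning as the prose. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts. The same enumerated-`=` pattern appears in the sections for CVE-2020-36624, CVE-2021-4250, CVE-2021-4259, CVE-2022-4495, CVE-2022-4521 and CVE-2022-4524.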


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36624",
"TITLE": "ahorner text-helpers translation.rb reverse tabnabbing",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520."
},
{
"lang": "deu",
"value": "In ahorner text-helpers bis 1.0.x wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei lib/text_helpers/translation.rb. Durch das Manipulieren des Arguments link mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 184b60ded0e43c985788582aca2d1e746f9405a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"cweId": "CWE-1022"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,10 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.1.0"
},
{
"version_value": "1.1.1"
"version_value": "1.0",
"version_affected": "="
}
]
}
@ -36,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment -> CWE-1022 Use of Web Link to Untrusted Target with window.opener Access"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -70,11 +63,6 @@
"refsource": "MISC",
"name": "https://github.com/ahorner/text-helpers/pull/19"
},
{
"url": "https://github.com/ahorner/text-helpers/releases/tag/v1.2.0",
"refsource": "MISC",
"name": "https://github.com/ahorner/text-helpers/releases/tag/v1.2.0"
},
{
"url": "https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3",
"refsource": "MISC",
@ -84,6 +72,27 @@
"url": "https://vuldb.com/?id.216520",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216520"
},
{
"url": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0",
"refsource": "MISC",
"name": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
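Review bot: The English description calls this issue "critical" while the `impact.cvss` entries score it 6.3 with `"baseSeverity": "MEDIUM"`, so the prose and the structured severity disagree. Triage tooling should key on `baseSeverity` and `vectorString`, and the description would be clearer without the rating word. The vector's `UI:R` is consistent with the reverse-tabnabbing class named in the title, which depends on a user following the link.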


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4250",
"TITLE": "cgriego active_attr Regex boolean_typecaster.rb call denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in cgriego active_attr bis 0.15.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion call der Datei lib/active_attr/typecasting/boolean_typecaster.rb der Komponente Regex Handler. Mit der Manipulation des Arguments value mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.15.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dab95e5843b01525444b82bd7b336ef1d79377df bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,16 +44,16 @@
"version": {
"version_data": [
{
"version_value": "0.15.0"
"version_value": "0.15.0",
"version_affected": "="
},
{
"version_value": "0.15.1"
"version_value": "0.15.1",
"version_affected": "="
},
{
"version_value": "0.15.2"
},
{
"version_value": "0.15.3"
"version_value": "0.15.2",
"version_affected": "="
}
]
}
@ -42,33 +64,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
@ -81,11 +76,6 @@
"refsource": "MISC",
"name": "https://github.com/cgriego/active_attr/pull/185"
},
{
"url": "https://github.com/cgriego/active_attr/releases/tag/v0.15.4",
"refsource": "MISC",
"name": "https://github.com/cgriego/active_attr/releases/tag/v0.15.4"
},
{
"url": "https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df",
"refsource": "MISC",
@ -95,6 +85,27 @@
"url": "https://vuldb.com/?id.216207",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216207"
},
{
"url": "https://github.com/cgriego/active_attr/releases/tag/v0.15.3",
"refsource": "MISC",
"name": "https://github.com/cgriego/active_attr/releases/tag/v0.15.3"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
}
]
}
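Review bot: `"cweId": "CWE-404"` is paired with the label "Denial of Service", but CWE-404 in MITRE's catalogue is Improper Resource Shutdown or Release, so anyone filtering by `cweId` gets a weakness class the description does not describe. The title and the component name ("Regex Handler") suggest regular-expression complexity, for which CWE-1333 would be the closer mapping if that is the root cause; this is inferred from the record text, not from the patch. The same label is present on the old side, so the commit carries it forward rather than introducing it.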


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4259",
"TITLE": "phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in phpRedisAdmin bis 1.16.1 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion authHttpDigest der Datei includes/login.inc.php. Durch das Manipulieren des Arguments response mit unbekannten Daten kann eine use of wrong operator in string comparison-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.16.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 31aa7661e6db6f4dffbf9a635817832a0a11c7d9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-597 Use of Wrong Operator in String Comparison",
"cweId": "CWE-597"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,16 +44,12 @@
"version": {
"version_data": [
{
"version_value": "1.17.0"
"version_value": "1.16.0",
"version_affected": "="
},
{
"version_value": "1.17.1"
},
{
"version_value": "1.17.2"
},
{
"version_value": "1.17.3"
"version_value": "1.16.1",
"version_affected": "="
}
]
}
@ -42,33 +60,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-597 Use of Wrong Operator in String Comparison"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216267."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -80,6 +71,27 @@
"url": "https://vuldb.com/?id.216267",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216267"
},
{
"url": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2",
"refsource": "MISC",
"name": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5,
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
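Review bot: `"vendor_name": "n/a"` replaces the empty string, yet the added release reference points at `github.com/erikdubbelboer/phpRedisAdmin`, so the maintainer is known and `n/a` leaves product matching to the product name alone. The CVE-2022-4495 section does the same next to a `github.com/collective/...` reference. For a comparison flaw in the `authHttpDigest` login path, an unambiguous vendor/product pair matters to anyone checking whether an exposed admin interface is affected.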


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50"
},
{
"url": "https://github.com/brave/brave-core/pull/14211",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/pull/14211"
},
{
"url": "https://github.com/brave/brave-browser/issues/24093",
"refsource": "MISC",
"name": "https://github.com/brave/brave-browser/issues/24093"
},
{
"url": "https://hackerone.com/reports/1636430",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1636430"
}
]
}
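Review bot: The published record names the product and fixed version only in prose ("Brave Browser before 1.43.34") while `product_name`, `vendor_name` and `version_value` are all `"n/a"`, so nothing machine-readable ties this CVE to Brave. Consumers that match on `affects` will not flag it and have to parse the description or follow the references instead. The CVE-2022-47933 and CVE-2022-47934 sections have the same shape.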


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56"
},
{
"url": "https://github.com/brave/brave-core/pull/13989",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/pull/13989"
},
{
"url": "https://github.com/brave/brave-browser/issues/23646",
"refsource": "MISC",
"name": "https://github.com/brave/brave-browser/issues/23646"
},
{
"url": "https://github.com/brave/brave-browser/issues/24378",
"refsource": "MISC",
"name": "https://github.com/brave/brave-browser/issues/24378"
},
{
"url": "https://hackerone.com/reports/1610343",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1610343"
}
]
}
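Review bot: `problemtype` is `"n/a"` although the description names the weakness directly as an uncaught exception in `ipfs::OnBeforeURLRequest_IPFSRedirectWork()`. Taking the description at its word, a value such as `"CWE-248 Uncaught Exception"` would let consumers group this entry with its follow-up CVEs by weakness class rather than by free text.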


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8"
},
{
"url": "https://github.com/brave/brave-browser/issues/24211",
"refsource": "MISC",
"name": "https://github.com/brave/brave-browser/issues/24211"
},
{
"url": "https://github.com/brave/brave-browser/issues/25106",
"refsource": "MISC",
"name": "https://github.com/brave/brave-browser/issues/25106"
},
{
"url": "https://github.com/brave/brave-core/pull/14313",
"refsource": "MISC",
"name": "https://github.com/brave/brave-core/pull/14313"
},
{
"url": "https://hackerone.com/reports/1646204",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1646204"
}
]
}
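Review bot: The description for CVE-2022-47934 says the issue is "caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934", which cites the record itself. The second identifier is presumably meant to be CVE-2022-47933, since the CVE-2022-47932 entry on this page describes itself as an incomplete fix for CVE-2022-47933; that reading is inferred from the sibling records, not confirmed. As written, the fix lineage a defender would follow to confirm a fully patched build is ambiguous.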


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4495",
"TITLE": "collective.dms.basecontent column.py renderCell cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.7 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in collective.dms.basecontent bis 1.6 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion renderCell der Datei src/collective/dms/basecontent/browser/column.py. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6c4d616fcc771822a14ebae5e23f3f6d96d134bd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,7 +44,32 @@
"version": {
"version_data": [
{
"version_value": "1.7"
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.2",
"version_affected": "="
},
{
"version_value": "1.3",
"version_affected": "="
},
{
"version_value": "1.4",
"version_affected": "="
},
{
"version_value": "1.5",
"version_affected": "="
},
{
"version_value": "1.6",
"version_affected": "="
}
]
}
@ -33,33 +80,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent 1.7. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -67,15 +87,31 @@
"refsource": "MISC",
"name": "https://github.com/collective/collective.dms.basecontent/commit/6c4d616fcc771822a14ebae5e23f3f6d96d134bd"
},
{
"url": "https://github.com/collective/collective.dms.basecontent/releases/tag/1.10",
"refsource": "MISC",
"name": "https://github.com/collective/collective.dms.basecontent/releases/tag/1.10"
},
{
"url": "https://vuldb.com/?id.215813",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215813"
},
{
"url": "https://github.com/collective/collective.dms.basecontent/releases/tag/1.7",
"refsource": "MISC",
"name": "https://github.com/collective/collective.dms.basecontent/releases/tag/1.7"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4521",
"TITLE": "WSO2 carbon-registry Request Parameter cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in WSO2 carbon-registry bis 4.8.6 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Request Parameter Handler. Durch Manipulation des Arguments parentPath/path/username/path/profile_menu mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 4.8.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9f967abfde9317bee2cda469dbc09b57d539f2cc bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,28 +44,32 @@
"version": {
"version_data": [
{
"version_value": "4.8.0"
"version_value": "4.8.0",
"version_affected": "="
},
{
"version_value": "4.8.1"
"version_value": "4.8.1",
"version_affected": "="
},
{
"version_value": "4.8.2"
"version_value": "4.8.2",
"version_affected": "="
},
{
"version_value": "4.8.3"
"version_value": "4.8.3",
"version_affected": "="
},
{
"version_value": "4.8.4"
"version_value": "4.8.4",
"version_affected": "="
},
{
"version_value": "4.8.5"
"version_value": "4.8.5",
"version_affected": "="
},
{
"version_value": "4.8.6"
},
{
"version_value": "4.8.7"
"version_value": "4.8.6",
"version_affected": "="
}
]
}
@ -54,40 +80,8 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12",
"refsource": "MISC",
"name": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12"
},
{
"url": "https://github.com/wso2/carbon-registry/pull/399",
"refsource": "MISC",
@ -102,6 +96,27 @@
"url": "https://vuldb.com/?id.215901",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215901"
},
{
"url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7",
"refsource": "MISC",
"name": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
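Review bot: The description gives the affected inputs as `parentPath/path/username/path/profile_menu`, a slash-joined string in which `path` appears twice, so it is unclear whether this means four parameters, five, or one composite value. Listing them separately, for example "the arguments parentPath, path, username and profile_menu", would make the record usable for an input-validation or output-encoding review. The wording is the same on the old side apart from the version numbers, so the commit inherits it.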


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4524",
"TITLE": "Roots soil Plugin CleanUpModule.php language_attributes cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Roots soil Plugin bis 4.0.x gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion language_attributes der Datei src/Modules/CleanUpModule.php. Durch das Manipulieren des Arguments language mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 4.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0c9151e00ab047da253e5cdbfccb204dd423269d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,10 +44,8 @@
"version": {
"version_data": [
{
"version_value": "4.0"
},
{
"version_value": "4.1"
"version_value": "4.0",
"version_affected": "="
}
]
}
@ -36,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -70,11 +63,6 @@
"refsource": "MISC",
"name": "https://github.com/roots/soil/pull/285"
},
{
"url": "https://github.com/roots/soil/releases/tag/4.1.1",
"refsource": "MISC",
"name": "https://github.com/roots/soil/releases/tag/4.1.1"
},
{
"url": "https://github.com/roots/soil/commit/0c9151e00ab047da253e5cdbfccb204dd423269d",
"refsource": "MISC",
@ -84,6 +72,27 @@
"url": "https://vuldb.com/?id.215904",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215904"
},
{
"url": "https://github.com/roots/soil/releases/tag/4.1.0",
"refsource": "MISC",
"name": "https://github.com/roots/soil/releases/tag/4.1.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
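Review bot: In the last hunk of this section `impact.cvss` becomes an array of objects where the record previously held a single object, and `baseScore` becomes the JSON number `3.5` where it was the string `"3.5"`, so a consumer that reads `impact.cvss.baseScore` or parses the score as a string will silently lose the severity for this record. The +/- markers are lost on this page, so the old and new sides are inferred from the hunk counts. The same reshaping appears in the sections for CVE-2022-4525, CVE-2022-4527, CVE-2022-4560, CVE-2022-4564, CVE-2022-4588, CVE-2022-4589 and CVE-2022-4604. Downstream parsers should accept both shapes (treat a lone object as a one-element array) and select the entry by its `version` field rather than by position, since a 3.1 and a 3.0 entry are both present.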


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4525",
"TITLE": "National Sleep Research Resource sleepdata.org cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In National Sleep Research Resource sleepdata.org bis 58.x wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 59.0.0.rc vermag dieses Problem zu l\u00f6sen. Der Patch wird als da44a3893b407087829b006d09339780919714cd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,13 +44,8 @@
"version": {
"version_data": [
{
"version_value": "59.0.0.ra"
},
{
"version_value": "59.0.0.rb"
},
{
"version_value": "59.0.0.rc"
"version_value": "58.x",
"version_affected": "="
}
]
}
@ -39,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 59.0.0.rc and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0 is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -73,15 +63,31 @@
"refsource": "MISC",
"name": "https://github.com/nsrr/sleepdata.org/commit/da44a3893b407087829b006d09339780919714cd"
},
{
"url": "https://github.com/nsrr/sleepdata.org/releases/tag/v59.0.0",
"refsource": "MISC",
"name": "https://github.com/nsrr/sleepdata.org/releases/tag/v59.0.0"
},
{
"url": "https://vuldb.com/?id.215905",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215905"
},
{
"url": "https://github.com/nsrr/sleepdata.org/releases/tag/59.0.0.rc",
"refsource": "MISC",
"name": "https://github.com/nsrr/sleepdata.org/releases/tag/59.0.0.rc"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
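Review bot: In the `version_data` hunk the only affected entry is `"version_value": "58.x"` with `"version_affected": "="`, a wildcard written into an exact-match field, so a scanner that compares installed versions literally against it will match nothing (the old and new sides are inferred from the hunk counts, as the +/- markers are lost). The description on the same record gives a usable bound (fixed in 59.0.0.rc), so a range entry such as `"version_value": "59.0.0.rc", "version_affected": "<"` would be machine-matchable. The sections for CVE-2022-4524 (`"4.0"`), CVE-2022-4564 (`"9.0"`) and CVE-2022-4588 (`"84.0"`, `"84.1"`) have the same pattern: truncated versions marked `=` while their descriptions say "up to 4.0.x", "up to 9.0.0" and "up to 84.1.x".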


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4527",
"TITLE": "collective.task table.py AssignedGroupColumn cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in collective.task bis 3.0.8 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion renderCell/AssignedGroupColumn der Datei src/collective/task/browser/table.py. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 3.0.9 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1aac7f83fa2c2b41d59ba02748912953461f3fac bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,34 +44,40 @@
"version": {
"version_data": [
{
"version_value": "3.0.0"
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.1"
"version_value": "3.0.1",
"version_affected": "="
},
{
"version_value": "3.0.2"
"version_value": "3.0.2",
"version_affected": "="
},
{
"version_value": "3.0.3"
"version_value": "3.0.3",
"version_affected": "="
},
{
"version_value": "3.0.4"
"version_value": "3.0.4",
"version_affected": "="
},
{
"version_value": "3.0.5"
"version_value": "3.0.5",
"version_affected": "="
},
{
"version_value": "3.0.6"
"version_value": "3.0.6",
"version_affected": "="
},
{
"version_value": "3.0.7"
"version_value": "3.0.7",
"version_affected": "="
},
{
"version_value": "3.0.8"
},
{
"version_value": "3.0.9"
"version_value": "3.0.8",
"version_affected": "="
}
]
}
@ -60,33 +88,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -94,15 +95,31 @@
"refsource": "MISC",
"name": "https://github.com/collective/collective.task/commit/1aac7f83fa2c2b41d59ba02748912953461f3fac"
},
{
"url": "https://github.com/collective/collective.task/releases/tag/3.0.10",
"refsource": "MISC",
"name": "https://github.com/collective/collective.task/releases/tag/3.0.10"
},
{
"url": "https://vuldb.com/?id.215907",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215907"
},
{
"url": "https://github.com/collective/collective.task/releases/tag/3.0.9",
"refsource": "MISC",
"name": "https://github.com/collective/collective.task/releases/tag/3.0.9"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4560",
"TITLE": "Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Joget bis 7.0.31 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion getInternalJsCssLib der Datei wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java der Komponente wflow-core. Dank der Manipulation des Arguments key mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 7.0.32 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,103 +44,132 @@
"version": {
"version_data": [
{
"version_value": "7.0.0"
"version_value": "7.0.0",
"version_affected": "="
},
{
"version_value": "7.0.1"
"version_value": "7.0.1",
"version_affected": "="
},
{
"version_value": "7.0.2"
"version_value": "7.0.2",
"version_affected": "="
},
{
"version_value": "7.0.3"
"version_value": "7.0.3",
"version_affected": "="
},
{
"version_value": "7.0.4"
"version_value": "7.0.4",
"version_affected": "="
},
{
"version_value": "7.0.5"
"version_value": "7.0.5",
"version_affected": "="
},
{
"version_value": "7.0.6"
"version_value": "7.0.6",
"version_affected": "="
},
{
"version_value": "7.0.7"
"version_value": "7.0.7",
"version_affected": "="
},
{
"version_value": "7.0.8"
"version_value": "7.0.8",
"version_affected": "="
},
{
"version_value": "7.0.9"
"version_value": "7.0.9",
"version_affected": "="
},
{
"version_value": "7.0.10"
"version_value": "7.0.10",
"version_affected": "="
},
{
"version_value": "7.0.11"
"version_value": "7.0.11",
"version_affected": "="
},
{
"version_value": "7.0.12"
"version_value": "7.0.12",
"version_affected": "="
},
{
"version_value": "7.0.13"
"version_value": "7.0.13",
"version_affected": "="
},
{
"version_value": "7.0.14"
"version_value": "7.0.14",
"version_affected": "="
},
{
"version_value": "7.0.15"
"version_value": "7.0.15",
"version_affected": "="
},
{
"version_value": "7.0.16"
"version_value": "7.0.16",
"version_affected": "="
},
{
"version_value": "7.0.17"
"version_value": "7.0.17",
"version_affected": "="
},
{
"version_value": "7.0.18"
"version_value": "7.0.18",
"version_affected": "="
},
{
"version_value": "7.0.19"
"version_value": "7.0.19",
"version_affected": "="
},
{
"version_value": "7.0.20"
"version_value": "7.0.20",
"version_affected": "="
},
{
"version_value": "7.0.21"
"version_value": "7.0.21",
"version_affected": "="
},
{
"version_value": "7.0.22"
"version_value": "7.0.22",
"version_affected": "="
},
{
"version_value": "7.0.23"
"version_value": "7.0.23",
"version_affected": "="
},
{
"version_value": "7.0.24"
"version_value": "7.0.24",
"version_affected": "="
},
{
"version_value": "7.0.25"
"version_value": "7.0.25",
"version_affected": "="
},
{
"version_value": "7.0.26"
"version_value": "7.0.26",
"version_affected": "="
},
{
"version_value": "7.0.27"
"version_value": "7.0.27",
"version_affected": "="
},
{
"version_value": "7.0.28"
"version_value": "7.0.28",
"version_affected": "="
},
{
"version_value": "7.0.29"
"version_value": "7.0.29",
"version_affected": "="
},
{
"version_value": "7.0.30"
"version_value": "7.0.30",
"version_affected": "="
},
{
"version_value": "7.0.31"
},
{
"version_value": "7.0.32"
"version_value": "7.0.31",
"version_affected": "="
}
]
}
@ -129,33 +180,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -163,15 +187,31 @@
"refsource": "MISC",
"name": "https://github.com/jogetworkflow/jw-community/commit/ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b"
},
{
"url": "https://github.com/jogetworkflow/jw-community/releases/tag/8.0-BETA",
"refsource": "MISC",
"name": "https://github.com/jogetworkflow/jw-community/releases/tag/8.0-BETA"
},
{
"url": "https://vuldb.com/?id.215963",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215963"
},
{
"url": "https://github.com/jogetworkflow/jw-community/releases/tag/7.0.32",
"refsource": "MISC",
"name": "https://github.com/jogetworkflow/jw-community/releases/tag/7.0.32"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4564",
"TITLE": "University of Central Florida Materia API Controller api.php before cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in University of Central Florida Materia bis 9.0.0 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion before der Datei fuel/app/classes/controller/api.php der Komponente API Controller. Durch Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 9.0.1-alpha1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als af259115d2e8f17068e61902151ee8a9dbac397b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,7 +44,8 @@
"version": {
"version_data": [
{
"version_value": "9.0.1-alpha1"
"version_value": "9.0",
"version_affected": "="
}
]
}
@ -33,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -67,11 +63,6 @@
"refsource": "MISC",
"name": "https://github.com/ucfopen/Materia/pull/1371"
},
{
"url": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2",
"refsource": "MISC",
"name": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2"
},
{
"url": "https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b",
"refsource": "MISC",
@ -81,6 +72,27 @@
"url": "https://vuldb.com/?id.215973",
"refsource": "MISC",
"name": "https://vuldb.com/?id.215973"
},
{
"url": "https://github.com/ucfopen/Materia/releases/tag/v9.0.1-alpha1",
"refsource": "MISC",
"name": "https://github.com/ucfopen/Materia/releases/tag/v9.0.1-alpha1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4588",
"TITLE": "Boston Sleep slice Layout cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Boston Sleep slice bis 84.1.x gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Layout Handler. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 84.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6523bb17d889e2ab13d767f38afefdb37083f1d0 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,13 +44,12 @@
"version": {
"version_data": [
{
"version_value": "84.0"
"version_value": "84.0",
"version_affected": "="
},
{
"version_value": "84.1"
},
{
"version_value": "84.2"
"version_value": "84.1",
"version_affected": "="
}
]
}
@ -39,33 +60,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.2.0. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 85.0.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -73,15 +67,31 @@
"refsource": "MISC",
"name": "https://github.com/sleepepi/slice/commit/6523bb17d889e2ab13d767f38afefdb37083f1d0"
},
{
"url": "https://github.com/sleepepi/slice/releases/tag/v85.0.0",
"refsource": "MISC",
"name": "https://github.com/sleepepi/slice/releases/tag/v85.0.0"
},
{
"url": "https://vuldb.com/?id.216174",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216174"
},
{
"url": "https://github.com/sleepepi/slice/releases/tag/v84.2.0",
"refsource": "MISC",
"name": "https://github.com/sleepepi/slice/releases/tag/v84.2.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4589",
"TITLE": "cyface Terms and Conditions Module views.py returnTo redirect",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175."
},
{
"lang": "deu",
"value": "In cyface Terms and Conditions Module bis 2.0.9 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um die Funktion returnTo der Datei termsandconditions/views.py. Durch die Manipulation mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.10 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 03396a1c2e0af95e12a45c5faef7e47a4b513e1a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,37 +44,44 @@
"version": {
"version_data": [
{
"version_value": "2.0.0"
"version_value": "2.0.0",
"version_affected": "="
},
{
"version_value": "2.0.1"
"version_value": "2.0.1",
"version_affected": "="
},
{
"version_value": "2.0.2"
"version_value": "2.0.2",
"version_affected": "="
},
{
"version_value": "2.0.3"
"version_value": "2.0.3",
"version_affected": "="
},
{
"version_value": "2.0.4"
"version_value": "2.0.4",
"version_affected": "="
},
{
"version_value": "2.0.5"
"version_value": "2.0.5",
"version_affected": "="
},
{
"version_value": "2.0.6"
"version_value": "2.0.6",
"version_affected": "="
},
{
"version_value": "2.0.7"
"version_value": "2.0.7",
"version_affected": "="
},
{
"version_value": "2.0.8"
"version_value": "2.0.8",
"version_affected": "="
},
{
"version_value": "2.0.9"
},
{
"version_value": "2.0.10"
"version_value": "2.0.9",
"version_affected": "="
}
]
}
@ -63,33 +92,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -97,11 +99,6 @@
"refsource": "MISC",
"name": "https://github.com/cyface/django-termsandconditions/pull/239"
},
{
"url": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.11",
"refsource": "MISC",
"name": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.11"
},
{
"url": "https://github.com/cyface/django-termsandconditions/commit/03396a1c2e0af95e12a45c5faef7e47a4b513e1a",
"refsource": "MISC",
@ -111,6 +108,27 @@
"url": "https://vuldb.com/?id.216175",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216175"
},
{
"url": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.10",
"refsource": "MISC",
"name": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.10"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4604",
"TITLE": "wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199."
},
{
"lang": "deu",
"value": "In wp-english-wp-admin Plugin bis 1.5.1 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es die Funktion register_endpoints der Datei english-wp-admin.php. Mittels dem Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.5.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ad4ba171c974c65c3456e7c6228f59f40783b33d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,13 +44,12 @@
"version": {
"version_data": [
{
"version_value": "1.5.0"
"version_value": "1.5.0",
"version_affected": "="
},
{
"version_value": "1.5.1"
},
{
"version_value": "1.5.2"
"version_value": "1.5.1",
"version_affected": "="
}
]
}
@ -39,33 +60,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.2. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.3 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -73,15 +67,31 @@
"refsource": "MISC",
"name": "https://github.com/khromov/wp-english-wp-admin/commit/ad4ba171c974c65c3456e7c6228f59f40783b33d"
},
{
"url": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.3",
"refsource": "MISC",
"name": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.3"
},
{
"url": "https://vuldb.com/?id.216199",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216199"
},
{
"url": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.2",
"refsource": "MISC",
"name": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.2"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4607",
"TITLE": "3D City Database OGC Web Feature Service xml external entity reference",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in 3D City Database OGC Web Feature Service bis 5.2.0 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code. Durch Beeinflussen mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.2.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,10 +44,16 @@
"version": {
"version_data": [
{
"version_value": "5.2.0"
"version_value": "5.0",
"version_affected": "="
},
{
"version_value": "5.2.1"
"version_value": "5.1",
"version_affected": "="
},
{
"version_value": "5.2",
"version_affected": "="
}
]
}
@ -36,33 +64,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference -> CWE-611 XML External Entity Reference"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.3.0 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -70,11 +71,6 @@
"refsource": "MISC",
"name": "https://github.com/3dcitydb/web-feature-service/pull/12"
},
{
"url": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.3.0",
"refsource": "MISC",
"name": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.3.0"
},
{
"url": "https://github.com/3dcitydb/web-feature-service/commit/246f4e2a97ad81491c00a7ed72ce5e7c7f75050a",
"refsource": "MISC",
@ -84,6 +80,27 @@
"url": "https://vuldb.com/?id.216215",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216215"
},
{
"url": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.2.1",
"refsource": "MISC",
"name": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.2.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
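Review bot: The `version_data` entries that appear to be on the new side list two-component values (`"5.0"`, `"5.1"`, `"5.2"`) with `"version_affected": "="`, while the added description gives the affected range as "up to 5.2.0" and the fix as 5.2.1. A consumer that applies `=` as an exact match will not match an installed 5.2.0, and one that treats `5.2` as a prefix will also flag the fixed 5.2.1. A single range entry such as `"version_value": "5.2.1", "version_affected": "<"` would state the boundary that the description gives. The same pattern shows in the CVE-2022-4632, CVE-2022-4633 and CVE-2022-4643 sections further down (`"3.3"` against a fix in 3.3.1, `"1.2"` against a fix in 1.2.1).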


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4632",
"TITLE": "Auto Upload Images cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. The identifier VDB-216481 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Auto Upload Images bis 3.3.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 3.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 895770ee93887ec78429c78ffdfb865bee6f9436 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,7 +44,20 @@
"version": {
"version_data": [
{
"version_value": "3.3.1"
"version_value": "3.0",
"version_affected": "="
},
{
"version_value": "3.1",
"version_affected": "="
},
{
"version_value": "3.2",
"version_affected": "="
},
{
"version_value": "3.3",
"version_affected": "="
}
]
}
@ -33,33 +68,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Auto Upload Images 3.3.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.2 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. The identifier VDB-216481 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -67,15 +75,31 @@
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/commit/895770ee93887ec78429c78ffdfb865bee6f9436"
},
{
"url": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.2",
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.2"
},
{
"url": "https://vuldb.com/?id.216481",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216481"
},
{
"url": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.1",
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4633",
"TITLE": "Auto Upload Images Settings setting-page.php cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Auto Upload Images bis 3.3.0 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei src/setting-page.php der Komponente Settings Handler. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 3.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 895770ee93887ec78429c78ffdfb865bee6f9436 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,7 +44,20 @@
"version": {
"version_data": [
{
"version_value": "3.3.1"
"version_value": "3.0",
"version_affected": "="
},
{
"version_value": "3.1",
"version_affected": "="
},
{
"version_value": "3.2",
"version_affected": "="
},
{
"version_value": "3.3",
"version_affected": "="
}
]
}
@ -33,33 +68,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Auto Upload Images 3.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.2 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -67,15 +75,31 @@
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/commit/895770ee93887ec78429c78ffdfb865bee6f9436"
},
{
"url": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.2",
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.2"
},
{
"url": "https://vuldb.com/?id.216482",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216482"
},
{
"url": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.1",
"refsource": "MISC",
"name": "https://github.com/airani/wp-auto-upload/releases/tag/v3.3.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4637",
"TITLE": "ep3-bs cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in ep3-bs bis 1.7.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.8.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ef49e709c8adecc3a83cdc6164a67162991d2213 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,7 +44,36 @@
"version": {
"version_data": [
{
"version_value": "1.8.0"
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.2",
"version_affected": "="
},
{
"version_value": "1.3",
"version_affected": "="
},
{
"version_value": "1.4",
"version_affected": "="
},
{
"version_value": "1.5",
"version_affected": "="
},
{
"version_value": "1.6",
"version_affected": "="
},
{
"version_value": "1.7",
"version_affected": "="
}
]
}
@ -33,33 +84,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in ep3-bs 1.8.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.1 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -67,11 +91,6 @@
"refsource": "MISC",
"name": "https://github.com/tkrebs/ep3-bs/issues/564"
},
{
"url": "https://github.com/tkrebs/ep3-bs/releases/tag/1.8.1",
"refsource": "MISC",
"name": "https://github.com/tkrebs/ep3-bs/releases/tag/1.8.1"
},
{
"url": "https://github.com/tkrebs/ep3-bs/commit/ef49e709c8adecc3a83cdc6164a67162991d2213",
"refsource": "MISC",
@ -81,6 +100,27 @@
"url": "https://vuldb.com/?id.216495",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216495"
},
{
"url": "https://github.com/tkrebs/ep3-bs/releases/tag/1.8.0",
"refsource": "MISC",
"name": "https://github.com/tkrebs/ep3-bs/releases/tag/1.8.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}


@ -1,20 +1,42 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4643",
"TITLE": "docconv pdf_ocr.go ConvertPDFImages os command injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In docconv bis 1.2.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion ConvertPDFImages der Datei pdf_ocr.go. Dank der Manipulation des Arguments path mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.2.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b19021ade3d0b71c89d35cb00eb9e589a121faa5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -22,22 +44,16 @@
"version": {
"version_data": [
{
"version_value": "1.2.1"
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "1.3.0"
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.3.1"
},
{
"version_value": "1.3.2"
},
{
"version_value": "1.3.3"
},
{
"version_value": "1.3.4"
"version_value": "1.2",
"version_affected": "="
}
]
}
@ -48,33 +64,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-78 OS Command Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in docconv up to 1.3.4. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -82,11 +71,6 @@
"refsource": "MISC",
"name": "https://github.com/sajari/docconv/pull/110"
},
{
"url": "https://github.com/sajari/docconv/releases/tag/v1.3.5",
"refsource": "MISC",
"name": "https://github.com/sajari/docconv/releases/tag/v1.3.5"
},
{
"url": "https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5",
"refsource": "MISC",
@ -96,6 +80,27 @@
"url": "https://vuldb.com/?id.216502",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216502"
},
{
"url": "https://github.com/sajari/docconv/releases/tag/v1.2.1",
"refsource": "MISC",
"name": "https://github.com/sajari/docconv/releases/tag/v1.2.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}