admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-04-25 17:01:29 +00:00
parent 2f6723660b
commit 772c81b8d7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 461 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2022/0xxx/CVE-2022-0477.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.9, <14.5.4"
},
{
"version_value": ">=14.6.0, <14.6.4"
},
{
"version_value": ">=14.7.0, <14.7.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/348166",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/348166",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0477.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0477.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

55
2022/1xxx/CVE-2022-1441.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "gpac",
"version": {
"version_data": [
{
"version_value": "gpac 2.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/2175",
"url": "https://github.com/gpac/gpac/issues/2175"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb",
"url": "https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow."
}
]
}

2
2022/27xxx/CVE-2022-27862.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form."
"value": "Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form."
}
]
},

50
2022/28xxx/CVE-2022-28290.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclose@cybersecurityworks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WordPress Country Selector Plugin",
"version": {
"version_data": [
{
"version_value": "Version 1.6.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html",
"url": "https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request"
}
]
}

7
2022/28xxx/CVE-2022-28871.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant before 2022-04-12_01 whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker."
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
@ -77,11 +77,6 @@
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2022-28871",
"name": "https://www.withsecure.com/en/support/security-advisories/cve-2022-28871"
},
{
"refsource": "MISC",
"name": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871",
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871"
}
]
},

99
2022/29xxx/CVE-2022-29417.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T10:45:00.000Z",
"ID": "CVE-2022-29417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ShortPixel Adaptive Images (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.3.1",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "ShortPixel"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/shortpixel-adaptive-images/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/shortpixel-adaptive-images/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-3-1-subscriber-plugin-settings-update-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-3-1-subscriber-plugin-settings-update-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.4.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/29xxx/CVE-2022-29418.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T09:42:00.000Z",
"ID": "CVE-2022-29418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Night Mode (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.0",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Mark Daniels"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/night-mode/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/night-mode/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/night-mode/wordpress-night-mode-plugin-1-0-0-authenticated-persistent-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/night-mode/wordpress-night-mode-plugin-1-0-0-authenticated-persistent-cross-site-scripting-xss-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.4.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/29xxx/CVE-2022-29419.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-25T11:34:00.000Z",
"ID": "CVE-2022-29419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3xSocializer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 0.98.22",
"version_value": "0.98.22"
}
]
}
}
]
},
"vendor_name": "Don Crowther"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/3xsocializer/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/3xsocializer/"
},
{
"name": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/3xsocializer/wordpress-3xsocializer-plugin-0-98-22-authenticated-sql-injection-sqli-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Deactivate and delete. No patched version is available. This plugin hasn\u2019t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. The last plugin version was released in the 2012 year."
}
],
"source": {
"discovery": "EXTERNAL"
}
}