diff --git a/2021/22xxx/CVE-2021-22141.json b/2021/22xxx/CVE-2021-22141.json index 1c01b577c1d..50db0a94b19 100644 --- a/2021/22xxx/CVE-2021-22141.json +++ b/2021/22xxx/CVE-2021-22141.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", "data_format": "MITRE", + "data_type": "CVE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", "ID": "CVE-2021-22141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "All versions of Kibana before 7.13.0 and 6.8.16." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.elastic.co/community/security/", + "refsource": "MISC", + "name": "https://www.elastic.co/community/security/" + }, + { + "url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website." } ] } diff --git a/2021/31xxx/CVE-2021-31739.json b/2021/31xxx/CVE-2021-31739.json index c316f055840..e6decf30a2d 100644 --- a/2021/31xxx/CVE-2021-31739.json +++ b/2021/31xxx/CVE-2021-31739.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31739", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31739", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.pentagrid.ch/en/blog/multiple-vulnerabilities-in-seppmail/", + "refsource": "MISC", + "name": "https://www.pentagrid.ch/en/blog/multiple-vulnerabilities-in-seppmail/" } ] } diff --git a/2021/37xxx/CVE-2021-37936.json b/2021/37xxx/CVE-2021-37936.json index 08d103b3061..97ce45dfde4 100644 --- a/2021/37xxx/CVE-2021-37936.json +++ b/2021/37xxx/CVE-2021-37936.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", "data_format": "MITRE", + "data_type": "CVE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", "ID": "CVE-2021-37936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "versions before 7.14.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.elastic.co/community/security/", + "refsource": "MISC", + "name": "https://www.elastic.co/community/security/" + }, + { + "url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user." } ] } diff --git a/2022/31xxx/CVE-2022-31694.json b/2022/31xxx/CVE-2022-31694.json index 024397061e2..11ff6555f6f 100644 --- a/2022/31xxx/CVE-2022-31694.json +++ b/2022/31xxx/CVE-2022-31694.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware InstallBuilder", + "version": { + "version_data": [ + { + "version_value": "All InstallBuilder for Qt versions prior to version 22.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html", + "url": "https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL." } ] } diff --git a/2022/34xxx/CVE-2022-34827.json b/2022/34xxx/CVE-2022-34827.json index c16e30edc5c..a1a20dacfe8 100644 --- a/2022/34xxx/CVE-2022-34827.json +++ b/2022/34xxx/CVE-2022-34827.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34827", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34827", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Carel Boss Mini 1.5.0 has Improper Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mandiant/Vulnerability-Disclosures", + "refsource": "MISC", + "name": "https://github.com/mandiant/Vulnerability-Disclosures" + }, + { + "refsource": "MISC", + "name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.md", + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.md" } ] } diff --git a/2022/38xxx/CVE-2022-38871.json b/2022/38xxx/CVE-2022-38871.json index 332a7fd63aa..e85fcb24c49 100644 --- a/2022/38xxx/CVE-2022-38871.json +++ b/2022/38xxx/CVE-2022-38871.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38871", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38871", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/free5gc/free5gc/issues/198", + "refsource": "MISC", + "name": "https://github.com/free5gc/free5gc/issues/198" } ] } diff --git a/2022/40xxx/CVE-2022-40698.json b/2022/40xxx/CVE-2022-40698.json index 11e6428593e..24ea5109558 100644 --- a/2022/40xxx/CVE-2022-40698.json +++ b/2022/40xxx/CVE-2022-40698.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-10-21T13:24:00.000Z", "ID": "CVE-2022-40698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quiz And Survey Master (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 7.3.10", + "version_value": "7.3.10" + } + ] + } + } + ] + }, + "vendor_name": "ExpressTech" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Thura Moe Myint (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 7.3.11 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41839.json b/2022/41xxx/CVE-2022-41839.json index 1321905fe4d..ef7d721fbaf 100644 --- a/2022/41xxx/CVE-2022-41839.json +++ b/2022/41xxx/CVE-2022-41839.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-11-07T13:59:00.000Z", "ID": "CVE-2022-41839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LoginPress | Custom Login Page Customizer (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.6.2", + "version_value": "1.6.2" + } + ] + } + } + ] + }, + "vendor_name": "WPBrigade" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/loginpress/wordpress-loginpress-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/loginpress/wordpress-loginpress-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 1.6.3 or a higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41880.json b/2022/41xxx/CVE-2022-41880.json index a54f941a323..3d7059ed843 100644 --- a/2022/41xxx/CVE-2022-41880.json +++ b/2022/41xxx/CVE-2022-41880.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." + "value": "TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41883.json b/2022/41xxx/CVE-2022-41883.json index 205e1084e94..3ca74ae1da9 100644 --- a/2022/41xxx/CVE-2022-41883.json +++ b/2022/41xxx/CVE-2022-41883.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41884.json b/2022/41xxx/CVE-2022-41884.json index 6905ca712fb..b58cb6bcfe5 100644 --- a/2022/41xxx/CVE-2022-41884.json +++ b/2022/41xxx/CVE-2022-41884.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41885.json b/2022/41xxx/CVE-2022-41885.json index a18234c744b..55af8da813f 100644 --- a/2022/41xxx/CVE-2022-41885.json +++ b/2022/41xxx/CVE-2022-41885.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41886.json b/2022/41xxx/CVE-2022-41886.json index f3132710676..724e590a627 100644 --- a/2022/41xxx/CVE-2022-41886.json +++ b/2022/41xxx/CVE-2022-41886.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41889.json b/2022/41xxx/CVE-2022-41889.json index 28aa572bfe0..8addf68e533 100644 --- a/2022/41xxx/CVE-2022-41889.json +++ b/2022/41xxx/CVE-2022-41889.json @@ -75,6 +75,11 @@ }, "references": { "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" + }, { "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", "refsource": "CONFIRM", @@ -84,11 +89,6 @@ "name": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce" - }, - { - "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc", - "refsource": "MISC", - "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc" } ] }, diff --git a/2022/41xxx/CVE-2022-41894.json b/2022/41xxx/CVE-2022-41894.json index 84b356e2110..6dea6b28d3f 100644 --- a/2022/41xxx/CVE-2022-41894.json +++ b/2022/41xxx/CVE-2022-41894.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41895.json b/2022/41xxx/CVE-2022-41895.json index bd591c4a604..1e7079c7d9d 100644 --- a/2022/41xxx/CVE-2022-41895.json +++ b/2022/41xxx/CVE-2022-41895.json @@ -75,6 +75,11 @@ }, "references": { "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" + }, { "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "refsource": "CONFIRM", @@ -84,11 +89,6 @@ "name": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/717ca98d8c3bba348ff62281fdf38dcb5ea1ec92" - }, - { - "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc", - "refsource": "MISC", - "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/mirror_pad_op.cc" } ] }, diff --git a/2022/41xxx/CVE-2022-41897.json b/2022/41xxx/CVE-2022-41897.json index 934e2cd2268..0b8a2d0b477 100644 --- a/2022/41xxx/CVE-2022-41897.json +++ b/2022/41xxx/CVE-2022-41897.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41898.json b/2022/41xxx/CVE-2022-41898.json index d67518cb95d..06bc9580ce8 100644 --- a/2022/41xxx/CVE-2022-41898.json +++ b/2022/41xxx/CVE-2022-41898.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/41xxx/CVE-2022-41900.json b/2022/41xxx/CVE-2022-41900.json index b6568d30d21..2282219cf47 100644 --- a/2022/41xxx/CVE-2022-41900.json +++ b/2022/41xxx/CVE-2022-41900.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.\n" + "value": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1." } ] }, diff --git a/2022/41xxx/CVE-2022-41911.json b/2022/41xxx/CVE-2022-41911.json index f569250861c..9d2a27c70fa 100644 --- a/2022/41xxx/CVE-2022-41911.json +++ b/2022/41xxx/CVE-2022-41911.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n" + "value": "TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range." } ] }, diff --git a/2022/42xxx/CVE-2022-42883.json b/2022/42xxx/CVE-2022-42883.json index a23fe02826e..7ee096bc974 100644 --- a/2022/42xxx/CVE-2022-42883.json +++ b/2022/42xxx/CVE-2022-42883.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-10-21T13:07:00.000Z", "ID": "CVE-2022-42883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quiz And Survey Master (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 7.3.10", + "version_value": "7.3.10" + } + ] + } + } + ] + }, + "vendor_name": "ExpressTech" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Thura Moe Myint (Patchstack Red Team project)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-sensitive-information-disclosure-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-sensitive-information-disclosure-vulnerability?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 7.3.11 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44634.json b/2022/44xxx/CVE-2022-44634.json index 63d72aa8bde..4bccd574b70 100644 --- a/2022/44xxx/CVE-2022-44634.json +++ b/2022/44xxx/CVE-2022-44634.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-11-10T10:26:00.000Z", "ID": "CVE-2022-44634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress S2W \u2013 Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "S2W \u2013 Import Shopify to WooCommerce (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.1.12", + "version_value": "1.1.12" + } + ] + } + } + ] + }, + "vendor_name": "VillaTheme" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Tomasz Staszyszyn (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Arbitrary File Read vulnerability in S2W \u2013 Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local File Inclusion (LFI)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/import-shopify-to-woocommerce/wordpress-s2w-import-shopify-to-woocommerce-plugin-1-1-12-auth-local-file-inclusion-lfi-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/import-shopify-to-woocommerce/wordpress-s2w-import-shopify-to-woocommerce-plugin-1-1-12-auth-local-file-inclusion-lfi-vulnerability?_s_id=cve" + }, + { + "name": "https://wordpress.org/plugins/import-shopify-to-woocommerce/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/import-shopify-to-woocommerce/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 1.1.13 or a higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45073.json b/2022/45xxx/CVE-2022-45073.json index 4f183a1a519..5dd97663757 100644 --- a/2022/45xxx/CVE-2022-45073.json +++ b/2022/45xxx/CVE-2022-45073.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-11-09T14:36:00.000Z", "ID": "CVE-2022-45073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WordPress REST API Authentication (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.4.0", + "version_value": "2.4.0" + } + ] + } + } + ] + }, + "vendor_name": "miniOrange" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/wp-rest-api-authentication/wordpress-rest-api-authentication-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/wp-rest-api-authentication/wordpress-rest-api-authentication-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.4.1 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45082.json b/2022/45xxx/CVE-2022-45082.json index 58e224bd71e..aea83ee357b 100644 --- a/2022/45xxx/CVE-2022-45082.json +++ b/2022/45xxx/CVE-2022-45082.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-09-29T14:00:00.000Z", "ID": "CVE-2022-45082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Accordions \u2013 Multiple Accordions or FAQs Builder (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.0.3", + "version_value": "2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Biplob Adhikari" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Vlad Vector (Patchstack)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/accordions-or-faqs/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/accordions-or-faqs/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-3-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-3-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.1.0 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45132.json b/2022/45xxx/CVE-2022-45132.json index 40bca8bdf4c..6a0d35173bc 100644 --- a/2022/45xxx/CVE-2022-45132.json +++ b/2022/45xxx/CVE-2022-45132.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45132", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45132", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/", + "refsource": "MISC", + "name": "https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates/" + }, + { + "refsource": "MISC", + "name": "https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", + "url": "https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/" } ] } diff --git a/2022/45xxx/CVE-2022-45369.json b/2022/45xxx/CVE-2022-45369.json index f178f94c6c3..d672aabb854 100644 --- a/2022/45xxx/CVE-2022-45369.json +++ b/2022/45xxx/CVE-2022-45369.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-11-18T11:03:00.000Z", "ID": "CVE-2022-45369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Plugin for Google Reviews (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.2.2", + "version_value": "2.2.2" + } + ] + } + } + ] + }, + "vendor_name": "RichPlugins" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/widget-google-reviews/wordpress-plugin-for-google-reviews-plugin-2-2-2-auth-broken-access-control-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/widget-google-reviews/wordpress-plugin-for-google-reviews-plugin-2-2-2-auth-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.2.3 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45475.json b/2022/45xxx/CVE-2022-45475.json new file mode 100644 index 00000000000..d40d58b3ab2 --- /dev/null +++ b/2022/45xxx/CVE-2022-45475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45476.json b/2022/45xxx/CVE-2022-45476.json new file mode 100644 index 00000000000..656f409ce4f --- /dev/null +++ b/2022/45xxx/CVE-2022-45476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file