admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-16 20:00:35 +00:00
parent ba940e527c
commit 813632b575
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 104 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2017/20xxx/CVE-2017-20047.json
View File

@ -4,129 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20047",
"TITLE": "AXIS P1204/P3225/P3367/M3045/M3005/M3007 cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AXIS",
"product": {
"product_data": [
{
"product_name": "P1204",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3367",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3045",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3005",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3007",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
}
]
},
"credit": "David Wearing",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://vuldb.com/?id.98911",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98911"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected as out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none."
}
]
}

56
2020/25xxx/CVE-2020-25491.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/mhmtayberk/969add4b6c77f122a3a3a0cb00e2975b",
"url": "https://gist.github.com/mhmtayberk/969add4b6c77f122a3a3a0cb00e2975b"
}
]
}

2
2022/35xxx/CVE-2022-35952.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n"
"value": "TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
}
]
},

56
2022/38xxx/CVE-2022-38611.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-38611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/dru1d-foofus/835423de77c3522d53b9e7bdf5a28dfe",
"refsource": "MISC",
"name": "https://gist.github.com/dru1d-foofus/835423de77c3522d53b9e7bdf5a28dfe"
}
]
}