admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-23 16:47:00 +00:00
parent 2d94f13633
commit 8612d3a02f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
85 changed files with 1842 additions and 769 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2021/41xxx/CVE-2021-41432.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/flatpressblog/flatpress/issues/88",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/issues/88"
}
]
}

188
2022/23xxx/CVE-2022-23077.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-23077",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
"TITLE" : "Habitica - DOM XSS in login page"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "habitica",
"product" : {
"product_data" : [ {
"product_name" : "habitica",
"version" : {
"version_data" : [ {
"version_value" : "v4.119.1",
"version_affected" : ">="
}, {
"version_value" : "v4.232.2",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-23077",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
"TITLE": "Habitica - DOM XSS in login page"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "habitica",
"product": {
"product_data": [
{
"product_name": "habitica",
"version": {
"version_data": [
{
"version_value": "v4.119.1",
"version_affected": ">="
},
{
"version_value": "v4.232.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23077",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23077"
},
{
"refsource": "MISC",
"url": "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f",
"name": "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v4.233.0 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-23077"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v4.233.0 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

188
2022/23xxx/CVE-2022-23078.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-23078",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
"TITLE" : "Habitica - Open redirect in login page"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "habitica",
"product" : {
"product_data" : [ {
"product_name" : "habitica",
"version" : {
"version_data" : [ {
"version_value" : "v4.119.1",
"version_affected" : ">="
}, {
"version_value" : "v4.232.2",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-23078",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
"TITLE": "Habitica - Open redirect in login page"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "habitica",
"product": {
"product_data": [
{
"product_name": "habitica",
"version": {
"version_data": [
{
"version_value": "v4.119.1",
"version_affected": ">="
},
{
"version_value": "v4.232.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f",
"name": "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"
},
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23078",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23078"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v4.233.0 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-23078"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/HabitRPG/habitica/commit/5bcfdbe066e8c899f3ecf3fdcdbacc2ecba7f02f"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v4.233.0 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

188
2022/23xxx/CVE-2022-23079.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-23079",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
"TITLE" : "motoradmin - host header Injection in the reset password functionality "
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "motor-admin",
"product" : {
"product_data" : [ {
"product_name" : "motor-admin",
"version" : {
"version_data" : [ {
"version_value" : "0.0.1",
"version_affected" : ">="
}, {
"version_value" : "0.2.56",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-23079",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
"TITLE": "motoradmin - host header Injection in the reset password functionality "
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "motor-admin",
"product": {
"product_data": [
{
"product_name": "motor-admin",
"version": {
"version_data": [
{
"version_value": "0.0.1",
"version_affected": ">="
},
{
"version_value": "0.2.56",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23079",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23079"
},
{
"refsource": "MISC",
"url": "https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9",
"name": "https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to 0.2.61 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 8.8,
"baseSeverity" : "HIGH"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-23079"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-116 Improper Encoding or Escaping of Output"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to 0.2.61 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

188
2022/23xxx/CVE-2022-23080.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-23080",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
"TITLE" : "directus - SSRF which leads to internal port scan"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "directus",
"product" : {
"product_data" : [ {
"product_name" : "directus",
"version" : {
"version_data" : [ {
"version_value" : "v9.0.0-beta.10",
"version_affected" : ">="
}, {
"version_value" : "v9.6.0",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-23080",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
"TITLE": "directus - SSRF which leads to internal port scan"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "directus",
"product": {
"product_data": [
{
"product_name": "directus",
"version": {
"version_data": [
{
"version_value": "v9.0.0-beta.10",
"version_affected": ">="
},
{
"version_value": "v9.6.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": 3.1,
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23080",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23080"
},
{
"refsource": "MISC",
"url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83",
"name": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v9.7.0 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"version" : 3.1,
"baseScore" : 5.0,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-23080"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-918 Server-Side Request Forgery (SSRF)"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v9.7.0 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

188
2022/23xxx/CVE-2022-23081.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-23081",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM",
"TITLE" : "Openlibrary - Reflected XSS"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "openlibrary",
"product" : {
"product_data" : [ {
"product_name" : "openlibrary",
"version" : {
"version_data" : [ {
"version_value" : "deploy-2019-10-16/sponsorship",
"version_affected" : ">="
}, {
"version_value" : "deploy-2021-12-22",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-23081",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM",
"TITLE": "Openlibrary - Reflected XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openlibrary",
"product": {
"product_data": [
{
"product_name": "openlibrary",
"version": {
"version_data": [
{
"version_value": "deploy-2019-10-16/sponsorship",
"version_affected": ">="
},
{
"version_value": "deploy-2021-12-22",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-23081",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-23081"
},
{
"refsource": "MISC",
"url": "https://github.com/internetarchive/openlibrary/pull/6597/commits/5460c8e8b517ef83c6a3b33654ba43ef0cbf051e",
"name": "https://github.com/internetarchive/openlibrary/pull/6597/commits/5460c8e8b517ef83c6a3b33654ba43ef0cbf051e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to deploy-2022-06-09 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. "
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-23081"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/internetarchive/openlibrary/pull/6597/commits/5460c8e8b517ef83c6a3b33654ba43ef0cbf051e"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to deploy-2022-06-09 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

10
2022/26xxx/CVE-2022-26708.json
View File

@ -45,6 +45,16 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213253",
"url": "https://support.apple.com/kb/HT213253"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213258",
"url": "https://support.apple.com/kb/HT213258"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213254",

10
2022/26xxx/CVE-2022-26775.json
View File

@ -56,6 +56,16 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213253",
"url": "https://support.apple.com/kb/HT213253"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213258",
"url": "https://support.apple.com/kb/HT213258"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213254",

10
2022/26xxx/CVE-2022-26776.json
View File

@ -56,6 +56,16 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213253",
"url": "https://support.apple.com/kb/HT213253"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213258",
"url": "https://support.apple.com/kb/HT213258"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213254",

4
2022/29xxx/CVE-2022-29299.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2022-29299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

4
2022/29xxx/CVE-2022-29301.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2022-29301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

166
2022/2xxx/CVE-2022-2174.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2174",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.2.18"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2174",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.2.18"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607"
},
{
"name": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961"
}
]
},
"source": {
"advisory": "ac68e3fc-8cf1-4a62-90ee-95c4b2bad607",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607"
},
{
"name": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961"
}
]
},
"source": {
"advisory": "ac68e3fc-8cf1-4a62-90ee-95c4b2bad607",
"discovery": "EXTERNAL"
}
}

101
2022/2xxx/CVE-2022-2175.json
View File

@ -1,89 +1,18 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2175",
"STATE": "PUBLIC",
"TITLE": "Buffer Over-read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Over-read in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126 Buffer Over-read"
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55"
},
{
"name": "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e"
}
]
},
"source": {
"advisory": "7f0481c2-8b57-4324-b47c-795d1ea67e55",
"discovery": "EXTERNAL"
}
}
}

18
2022/2xxx/CVE-2022-2180.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2181.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2182.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2022/31xxx/CVE-2022-31289.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. \u00b6\u00b6 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access."
"value": "** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. NOTE: third parties claim that the server application has not actually authenticated the request and no administrative actions are permitted which would not make this issue a vulnerability."
}
]
},

61
2022/31xxx/CVE-2022-31361.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-31361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.swascan.com/security-advisory-docebo-community-edition/",
"refsource": "MISC",
"name": "https://www.swascan.com/security-advisory-docebo-community-edition/"
},
{
"refsource": "MISC",
"name": "https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html",
"url": "https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html"
}
]
}

61
2022/31xxx/CVE-2022-31362.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-31362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.swascan.com/security-advisory-docebo-community-edition/",
"refsource": "MISC",
"name": "https://www.swascan.com/security-advisory-docebo-community-edition/"
},
{
"refsource": "MISC",
"name": "https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html",
"url": "https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html"
}
]
}

56
2022/32xxx/CVE-2022-32124.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/3",
"refsource": "MISC",
"name": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/3"
}
]
}

56
2022/32xxx/CVE-2022-32125.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/3",
"refsource": "MISC",
"name": "https://github.com/PAINCLOWN/74cmsSE-Arbitrary-File-Reading/issues/3"
}
]
}

188
2022/32xxx/CVE-2022-32159.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32159",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jun 1, 2022, 4:32:50 AM",
"TITLE" : "Openlibrary - Stored XSS"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "infogami",
"product" : {
"product_data" : [ {
"product_name" : "infogami",
"version" : {
"version_data" : [ {
"version_value" : "0.2",
"version_affected" : ">="
}, {
"version_value" : "0.4",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32159",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jun 1, 2022, 4:32:50 AM",
"TITLE": "Openlibrary - Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "infogami",
"product": {
"product_data": [
{
"product_name": "infogami",
"version": {
"version_data": [
{
"version_value": "0.2",
"version_affected": ">="
},
{
"version_value": "0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32159",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32159"
},
{
"refsource": "MISC",
"url": "https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12e",
"name": "https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to OL_201908 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.\n"
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32159"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12e"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to OL_201908 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

5
2022/32xxx/CVE-2022-32278.json
View File

@ -61,6 +61,11 @@
"refsource": "DEBIAN",
"name": "DSA-5164",
"url": "https://www.debian.org/security/2022/dsa-5164"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220622 [SECURITY] [DLA 3056-1] exo security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00018.html"
}
]
}

7
2022/33xxx/CVE-2022-33987.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket."
"value": "The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket."
}
]
},
@ -61,6 +61,11 @@
"url": "https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0",
"refsource": "MISC",
"name": "https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0"
},
{
"refsource": "MISC",
"name": "https://github.com/sindresorhus/got/releases/tag/v11.8.5",
"url": "https://github.com/sindresorhus/got/releases/tag/v11.8.5"
}
]
}

5
2022/34xxx/CVE-2022-34171.json
View File

@ -69,6 +69,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34173.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34175.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2777",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34177.json
View File

@ -65,6 +65,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34178.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2567",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2567",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34180.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2794",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34182.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34184.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34185.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34186.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34187.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34188.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34189.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34190.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34191.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34193.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34195.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34196.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34197.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34198.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34200.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34202.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2066",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34203.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2281",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2281",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34204.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2281",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2281",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34208.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34209.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2249",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2249",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34210.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2249",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2249",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34212.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

5
2022/34xxx/CVE-2022-34213.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2089",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2089",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

18
2022/34xxx/CVE-2022-34272.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34273.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34274.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34275.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34276.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34277.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34278.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34279.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34280.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34281.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34282.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34283.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34284.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34285.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34286.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34286",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34287.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34288.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34289.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34290.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34291.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34292.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34293.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34294.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

73
2022/34xxx/CVE-2022-34295.json
View File

@ -1,76 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf",
"refsource": "MISC",
"name": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399",
"refsource": "MISC",
"name": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3",
"refsource": "MISC",
"name": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2022/34xxx/CVE-2022-34296.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zalando/skipper/releases/tag/v0.13.218",
"refsource": "MISC",
"name": "https://github.com/zalando/skipper/releases/tag/v0.13.218"
}
]
}
}

18
2022/34xxx/CVE-2022-34297.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34322.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34322",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34323.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34324.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34325.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34326.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34327.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}