admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-15 17:01:46 +00:00
parent 4a6114ce2e
commit 8ae7172d19
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
19 changed files with 1462 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
2021/39xxx/CVE-2021-39820.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
"ID": "CVE-2021-39820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "16.3"
},
{
"version_affected": "<=",
"version_value": "16.3.2"
},
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html",
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

90
2021/40xxx/CVE-2021-40727.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
"ID": "CVE-2021-40727",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign crashes when parsing the TIF file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Access of Memory Location After End of Buffer (CWE-788"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html",
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

56
2021/40xxx/CVE-2021-40940.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/monstra-cms/monstra/issues/471",
"refsource": "MISC",
"name": "https://github.com/monstra-cms/monstra/issues/471"
}
]
}

58
2022/1xxx/CVE-2022-1342.json
View File

@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@devolutions.net",
"DATE_PUBLIC": "2022-04-21T00:00:00",
"ID": "CVE-2022-1342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Desktop Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2022.1.24"
}
]
}
}
]
},
"vendor_name": "Devolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-549"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://devolutions.net/security/advisories/DEVO-2022-0003",
"name": "https://devolutions.net/security/advisories/DEVO-2022-0003"
}
]
}

56
2022/32xxx/CVE-2022-32101.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/e6e66d95-9d58-4dc0-a0ce-f337a16b482f",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/e6e66d95-9d58-4dc0-a0ce-f337a16b482f"
}
]
}

113
2022/32xxx/CVE-2022-32151.json
View File

@ -1,18 +1,119 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.2203"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
}
]
},
"source": {
"advisory": "SVD-2022-0601",
"discovery": "INTERNAL"
}
}

128
2022/32xxx/CVE-2022-32152.json
View File

@ -1,18 +1,134 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.2203"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html"
},
{
"name": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
},
{
"name": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
},
{
"name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
},
{
"name": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
}
]
},
"source": {
"advisory": "SVD-2022-0602",
"discovery": "INTERNAL"
}
}

128
2022/32xxx/CVE-2022-32153.json
View File

@ -1,18 +1,134 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise lacked TLS host name validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.2203"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-297 Improper Validation of Certificate with Host Mismatch"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
},
{
"name": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
},
{
"name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
},
{
"name": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
}
]
},
"source": {
"advisory": "SVD-2022-0603",
"discovery": "INTERNAL"
}
}

131
2022/32xxx/CVE-2022-32154.json
View File

@ -1,18 +1,137 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.2106"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
},
{
"lang": "eng",
"value": "Danylo Dmytriiev (DDV_UA)"
},
{
"lang": "eng",
"value": "Anton (therceman)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
},
{
"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
},
{
"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
},
{
"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
}
]
},
"source": {
"advisory": "SVD-2022-0604",
"discovery": "INTERNAL"
}
}

80
2022/32xxx/CVE-2022-32155.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Universal Forwarder management services allows remote login by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Forwarder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": ""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
}
]
},
"source": {
"advisory": "SVD-2022-0605",
"discovery": "INTERNAL"
}
}

111
2022/32xxx/CVE-2022-32156.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise and universal forwarder CLI connections lacked TLS cert validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
},
{
"product_name": "Universal Forwarder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Green at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, connections from misconfigured nodes without valid certificates did not fail by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI) to enable the remediation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI"
}
]
},
"source": {
"advisory": "SVD-2022-0606",
"discovery": "INTERNAL"
}
}

101
2022/32xxx/CVE-2022-32157.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nadim Taha at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
},
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"
},
{
"name": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"
}
]
},
"source": {
"advisory": "SVD-2022-0607",
"discovery": "INTERNAL"
}
}

98
2022/32xxx/CVE-2022-32158.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
"ID": "CVE-2022-32158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Splunk Enterprise deployment servers allow client publishing of forwarder bundles"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Splunk, Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nadim Taha at Splunk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
"refsource": "CONFIRM",
"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
},
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"
},
{
"summary": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
"url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
"category": "self",
"refsource": "MISC",
"name": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"
}
]
},
"source": {
"advisory": "SVD-2022-0608",
"discovery": "INTERNAL"
}
}

56
2022/32xxx/CVE-2022-32299.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/a296c6fe-8af7-4e01-bc14-3ad13d6335ed",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/a296c6fe-8af7-4e01-bc14-3ad13d6335ed"
}
]
}

56
2022/32xxx/CVE-2022-32300.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/bf37643b-9782-4320-9ca9-cf38a331b686",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/bf37643b-9782-4320-9ca9-cf38a331b686"
}
]
}

56
2022/32xxx/CVE-2022-32301.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/8864c0c7-ad8e-407f-98d3-104d2f2dd13e",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/8864c0c7-ad8e-407f-98d3-104d2f2dd13e"
}
]
}

56
2022/32xxx/CVE-2022-32302.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/0255145d-8a60-4045-a5d2-fd82232e0faa",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/0255145d-8a60-4045-a5d2-fd82232e0faa"
}
]
}

56
2022/32xxx/CVE-2022-32991.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32991",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/fd95cc4d-2a38-4e5a-9fac-bfa3534f8056",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/fd95cc4d-2a38-4e5a-9fac-bfa3534f8056"
}
]
}

56
2022/32xxx/CVE-2022-32992.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yuque.com/docs/share/d1593cea-f278-4a5e-a6ee-f7a63b641f1d",
"refsource": "MISC",
"name": "https://www.yuque.com/docs/share/d1593cea-f278-4a5e-a6ee-f7a63b641f1d"
}
]
}