admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-06 17:39:23 +00:00
parent 02256b8cf4
commit 8dd4190f91
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
70 changed files with 2576 additions and 877 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2014/6xxx/CVE-2014-6033.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

61
2021/40xxx/CVE-2021-40556.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by \"caupload\" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/",
"url": "https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"refsource": "MISC",
"name": "https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/",
"url": "https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"
}
]
}

174
2022/22xxx/CVE-2022-22503.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6825995",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6825995",
"title" : "IBM Security Bulletin 6825995 (Robotic Process Automation)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227125",
"name" : "ibm-rpa-cve202222503-clickjacking (227125)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "L",
"C" : "L",
"UI" : "R",
"PR" : "N",
"A" : "N",
"S" : "C",
"AV" : "N",
"AC" : "L",
"SCORE" : "6.100"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-10-03T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2022-22503"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation",
"version" : {
"version_data" : [
{
"version_value" : "21.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6825995",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6825995",
"title": "IBM Security Bulletin 6825995 (Robotic Process Automation)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227125",
"name": "ibm-rpa-cve202222503-clickjacking (227125)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_type" : "CVE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"I": "L",
"C": "L",
"UI": "R",
"PR": "N",
"A": "N",
"S": "C",
"AV": "N",
"AC": "L",
"SCORE": "6.100"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-10-03T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2022-22503"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation",
"version": {
"version_data": [
{
"version_value": "21.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE"
}

6
2022/25xxx/CVE-2022-25794.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All version prior to 1.5.2"
"version_value": "1.5.2"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Read "
"value": "Out-Of-Bounds Read Vulnerability "
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code \u201cABC\u201d files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
"value": "An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
}

61
2022/26xxx/CVE-2022-26235.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance",
"refsource": "MISC",
"name": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/amgw9pE7",
"url": "https://pastebin.com/amgw9pE7"
}
]
}

61
2022/26xxx/CVE-2022-26237.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance",
"refsource": "MISC",
"name": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/DREqM7AT",
"url": "https://pastebin.com/DREqM7AT"
}
]
}

61
2022/26xxx/CVE-2022-26239.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance",
"refsource": "MISC",
"name": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/1QEHrj01",
"url": "https://pastebin.com/1QEHrj01"
}
]
}

61
2022/26xxx/CVE-2022-26240.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance",
"refsource": "MISC",
"name": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/Bsy6KTxJ",
"url": "https://pastebin.com/Bsy6KTxJ"
}
]
}

2
2022/2xxx/CVE-2022-2637.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.\nThis issue affects:\nHitachi Storage Plug-in for VMware vCenter\n04.8.0."
"value": "Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects: Hitachi Storage Plug-in for VMware vCenter 04.8.0."
}
]
},

7
2022/2xxx/CVE-2022-2975.json
View File

@ -80,8 +80,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://download.avaya.com/css/public/documents/101083688"
"refsource": "MISC",
"url": "https://download.avaya.com/css/public/documents/101083688",
"name": "https://download.avaya.com/css/public/documents/101083688"
}
]
},
@ -94,4 +95,4 @@
],
"discovery": "EXTERNAL"
}
}
}

55
2022/2xxx/CVE-2022-2986.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "moodle 4.0.3 and moodle 3.11.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2121360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121360"
},
{
"refsource": "MISC",
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk."
}
]
}

4
2022/31xxx/CVE-2022-31252.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-09-02T00:00:00.000Z",
"ID": "CVE-2022-31252",
"STATE": "PUBLIC",
@ -87,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution.\nThis issue affects:\nSUSE Linux Enterprise Server 12-SP5\npermissions versions prior to 20170707.\nopenSUSE Leap 15.3\npermissions versions prior to 20200127.\nopenSUSE Leap 15.4\npermissions versions prior to 20201225.\nopenSUSE Leap Micro 5.2\npermissions versions prior to 20181225."
"value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."
}
]
},

188
2022/32xxx/CVE-2022-32171.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32171",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Sep 28, 2022, 12:00:00 AM",
"TITLE" : "Zinc - Stored XSS"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "zinc",
"product" : {
"product_data" : [ {
"product_name" : "zinc",
"version" : {
"version_data" : [ {
"version_value" : "v0.1.9",
"version_affected" : ">="
}, {
"version_value" : "v0.3.1",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32171",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Sep 28, 2022, 12:00:00 AM",
"TITLE": "Zinc - Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zinc",
"product": {
"product_data": [
{
"product_name": "zinc",
"version": {
"version_data": [
{
"version_value": "v0.1.9",
"version_affected": ">="
},
{
"version_value": "v0.3.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user\u2019s credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d",
"name": "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"
},
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32171",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32171"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v0.3.2 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the users credentials."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32171"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v0.3.2 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

188
2022/32xxx/CVE-2022-32172.json
View File

@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32172",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Sep 28, 2022, 12:00:00 AM",
"TITLE" : "Zinc - Cross-Site Scripting"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "zinc",
"product" : {
"product_data" : [ {
"product_name" : "zinc",
"version" : {
"version_data" : [ {
"version_value" : "v0.1.9",
"version_affected" : ">="
}, {
"version_value" : "v0.3.1",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32172",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Sep 28, 2022, 12:00:00 AM",
"TITLE": "Zinc - Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zinc",
"product": {
"product_data": [
{
"product_name": "zinc",
"version": {
"version_data": [
{
"version_value": "v0.1.9",
"version_affected": ">="
},
{
"version_value": "v0.3.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user\u2019s credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32172",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32172"
},
{
"refsource": "MISC",
"url": "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d",
"name": "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v0.3.2 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the users credentials."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32172"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v0.3.2 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

186
2022/36xxx/CVE-2022-36774.json
View File

@ -1,96 +1,96 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "File Manipulation",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6826013 (Robotic Process Automation)",
"name" : "https://www.ibm.com/support/pages/node/6826013",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6826013"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/233575",
"name" : "ibm-rpa-cve202236774-file-manipulation (233575)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "21.0.0"
},
{
"version_value" : "21.0.1"
},
{
"version_value" : "21.0.2"
}
]
},
"product_name" : "Robotic Process Automation"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "File Manipulation",
"lang": "eng"
}
]
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2022-36774",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-10-03T00:00:00"
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"I" : "H",
"S" : "U",
"UI" : "N",
"A" : "N",
"PR" : "N",
"AV" : "A",
"AC" : "L",
"SCORE" : "6.500"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6826013 (Robotic Process Automation)",
"name": "https://www.ibm.com/support/pages/node/6826013",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6826013"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233575",
"name": "ibm-rpa-cve202236774-file-manipulation (233575)",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
},
"product_name": "Robotic Process Automation"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-36774",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-10-03T00:00:00"
},
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"I": "H",
"S": "U",
"UI": "N",
"A": "N",
"PR": "N",
"AV": "A",
"AC": "L",
"SCORE": "6.500"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}

65
2022/37xxx/CVE-2022-37888.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37888",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"version": {
"version_data": [
{
"version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"version_value": "ArubaOS 10.3.x: 10.3.1.0 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities."
}
]
}

10
2022/38xxx/CVE-2022-38538.json
View File

@ -56,6 +56,16 @@
"url": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L145",
"refsource": "MISC",
"name": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L145"
},
{
"refsource": "MISC",
"name": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/",
"url": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/"
},
{
"refsource": "MISC",
"name": "https://github.com/hhyo/Archery/issues/1841",
"url": "https://github.com/hhyo/Archery/issues/1841"
}
]
}

10
2022/38xxx/CVE-2022-38540.json
View File

@ -56,6 +56,16 @@
"url": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148",
"refsource": "MISC",
"name": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L148"
},
{
"refsource": "MISC",
"name": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/",
"url": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/"
},
{
"refsource": "MISC",
"name": "https://github.com/hhyo/Archery/issues/1841",
"url": "https://github.com/hhyo/Archery/issues/1841"
}
]
}

192
2022/38xxx/CVE-2022-38709.json
View File

@ -1,99 +1,99 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6826011 (Robotic Process Automation)",
"name" : "https://www.ibm.com/support/pages/node/6826011",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6826011"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-rpa-cve202238709-xss (234291)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/234291",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "21.0.0"
},
{
"version_value" : "21.0.1"
},
{
"version_value" : "21.0.2"
},
{
"version_value" : "21.0.3"
}
]
},
"product_name" : "Robotic Process Automation"
}
]
}
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"A" : "N",
"PR" : "N",
"UI" : "R",
"S" : "C",
"I" : "L",
"C" : "L",
"SCORE" : "6.100",
"AC" : "L",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-10-03T00:00:00",
"ID" : "CVE-2022-38709"
},
"data_format" : "MITRE"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6826011 (Robotic Process Automation)",
"name": "https://www.ibm.com/support/pages/node/6826011",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6826011"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-rpa-cve202238709-xss (234291)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234291",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
},
{
"version_value": "21.0.3"
}
]
},
"product_name": "Robotic Process Automation"
}
]
}
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"A": "N",
"PR": "N",
"UI": "R",
"S": "C",
"I": "L",
"C": "L",
"SCORE": "6.100",
"AC": "L",
"AV": "N"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-10-03T00:00:00",
"ID": "CVE-2022-38709"
},
"data_format": "MITRE"
}

2
2022/39xxx/CVE-2022-39222.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.\n"
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},

2
2022/39xxx/CVE-2022-39273.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flytes authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admins configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration and are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admins internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability."
"value": "FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte\u2019s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password. This password is also set on the default Flyte Propeller configmap in the various Flyte Helm charts. Users who enable auth but do not override this setting in Flyte Admin\u2019s configuration may unbeknownst to them be allowing public traffic in by way of this default password with attackers effectively impersonating propeller. This only applies to users who have not specified the ExternalAuthorizationServer setting. Usage of an external auth server automatically turns off this default configuration and are not susceptible to this vulnerability. This issue has been addressed in version 1.1.44. Users should manually set the staticClients in the selfAuthServer section of their configuration if they intend to rely on Admin\u2019s internal auth server. Again, users who use an external auth server are automatically protected from this vulnerability."
}
]
},

2
2022/39xxx/CVE-2022-39274.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more.\nAn empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`.\n"
"value": "LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`."
}
]
},

2
2022/39xxx/CVE-2022-39275.json
View File

@ -53,7 +53,7 @@
"description_data": [
{
"lang": "eng",
"value": "Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue.\n"
"value": "Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},

12
2022/39xxx/CVE-2022-39280.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed."
"value": "dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed."
}
]
},
@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"
},
{
"name": "https://github.com/pyupio/dparse/security/advisories/GHSA-8fg9-p83m-x5pq",
"refsource": "CONFIRM",
@ -83,11 +88,6 @@
"name": "https://github.com/pyupio/dparse/commit/d87364f9db9ab916451b1b036cfeb039e726e614",
"refsource": "MISC",
"url": "https://github.com/pyupio/dparse/commit/d87364f9db9ab916451b1b036cfeb039e726e614"
},
{
"name": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"
}
]
},

56
2022/39xxx/CVE-2022-39988.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-39988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168585/Centreon-22.04.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/168585/Centreon-22.04.0-Cross-Site-Scripting.html"
}
]
}

93
2022/3xxx/CVE-2022-3396.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-10-04T17:21:00.000Z",
"ID": "CVE-2022-3396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OMRON CX-Programmer Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "9.78"
}
]
}
}
]
},
"vendor_name": "OMRON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

93
2022/3xxx/CVE-2022-3397.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-10-04T17:21:00.000Z",
"ID": "CVE-2022-3397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OMRON CX-Programmer Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "9.78"
}
]
}
}
]
},
"vendor_name": "OMRON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

93
2022/3xxx/CVE-2022-3398.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-10-04T17:21:00.000Z",
"ID": "CVE-2022-3398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OMRON CX-Programmer Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Programmer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "9.78"
}
]
}
}
]
},
"vendor_name": "OMRON"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xina1i, working with Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-04"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Omron has released an update through their Auto Update Service to fix the reported issues. Omron recommends updating to the latest version: Omron CX-Programmer v9.79\n\nFor more information, users should see the Omron release note."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

7
2022/40xxx/CVE-2022-40157.json
View File

@ -74,12 +74,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061"
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}

7
2022/40xxx/CVE-2022-40158.json
View File

@ -74,12 +74,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058"
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}

7
2022/40xxx/CVE-2022-40159.json
View File

@ -74,12 +74,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057"
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}

7
2022/40xxx/CVE-2022-40160.json
View File

@ -74,12 +74,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053"
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}

9
2022/40xxx/CVE-2022-40161.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
"value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
}
]
},
@ -74,12 +74,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097"
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}

66
2022/40xxx/CVE-2022-40895.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://forum.nedi.ch/index.php",
"refsource": "MISC",
"name": "http://forum.nedi.ch/index.php"
},
{
"url": "https://www.nedi.ch/",
"refsource": "MISC",
"name": "https://www.nedi.ch/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/UditChavda/2f2effa477a429b485ae7e2dc3bbd04f",
"url": "https://gist.github.com/UditChavda/2f2effa477a429b485ae7e2dc3bbd04f"
}
]
}

198
2022/41xxx/CVE-2022-41294.json
View File

@ -1,102 +1,102 @@
{
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6825985 (Robotic Process Automation)",
"url" : "https://www.ibm.com/support/pages/node/6825985",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6825985"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/236807",
"name" : "ibm-rpa-cve202241294-cors (236807)",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "L",
"I" : "L",
"S" : "U",
"UI" : "N",
"PR" : "N",
"A" : "N",
"AV" : "N",
"AC" : "L",
"SCORE" : "6.500"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2022-41294",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-10-03T00:00:00"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "21.0.0"
},
{
"version_value" : "21.0.1"
},
{
"version_value" : "21.0.2"
},
{
"version_value" : "21.0.3"
},
{
"version_value" : "21.0.4"
}
]
},
"product_name" : "Robotic Process Automation"
}
]
}
"title": "IBM Security Bulletin 6825985 (Robotic Process Automation)",
"url": "https://www.ibm.com/support/pages/node/6825985",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6825985"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236807",
"name": "ibm-rpa-cve202241294-cors (236807)",
"refsource": "XF"
}
]
}
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "L",
"I": "L",
"S": "U",
"UI": "N",
"PR": "N",
"A": "N",
"AV": "N",
"AC": "L",
"SCORE": "6.500"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2022-41294",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-10-03T00:00:00"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
},
{
"version_value": "21.0.3"
},
{
"version_value": "21.0.4"
}
]
},
"product_name": "Robotic Process Automation"
}
]
}
}
]
}
}
}

56
2022/41xxx/CVE-2022-41517.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41517",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://brief-nymphea-813.notion.site/TOTOLink-NR1800X-f97f2b9552c04eaf85fce31bccbfcf04",
"refsource": "MISC",
"name": "https://brief-nymphea-813.notion.site/TOTOLink-NR1800X-f97f2b9552c04eaf85fce31bccbfcf04"
}
]
}

56
2022/41xxx/CVE-2022-41518.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://brief-nymphea-813.notion.site/NR1800X-command-injection-UploadFirmwareFile-a98e96086d824b7d8b788a8639322457",
"refsource": "MISC",
"name": "https://brief-nymphea-813.notion.site/NR1800X-command-injection-UploadFirmwareFile-a98e96086d824b7d8b788a8639322457"
}
]
}

56
2022/41xxx/CVE-2022-41520.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://brief-nymphea-813.notion.site/NR1800X-bof-UploadCustomModule-2bcabf2017084213b9a238fab938d782",
"refsource": "MISC",
"name": "https://brief-nymphea-813.notion.site/NR1800X-bof-UploadCustomModule-2bcabf2017084213b9a238fab938d782"
}
]
}

56
2022/41xxx/CVE-2022-41521.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://brief-nymphea-813.notion.site/NR1800X-bof-setIpPortFilterRules-fd99f83f37ad40fab7d7b376942633d2",
"refsource": "MISC",
"name": "https://brief-nymphea-813.notion.site/NR1800X-bof-setIpPortFilterRules-fd99f83f37ad40fab7d7b376942633d2"
}
]
}

66
2022/41xxx/CVE-2022-41556.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50",
"refsource": "MISC",
"name": "https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50"
},
{
"refsource": "MISC",
"name": "https://github.com/lighttpd/lighttpd1.4/pull/115",
"url": "https://github.com/lighttpd/lighttpd1.4/pull/115"
},
{
"refsource": "MISC",
"name": "https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67",
"url": "https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67"
}
]
}

171
2022/41xxx/CVE-2022-41852.json
View File

@ -1,86 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2022-07-28T22:00:00.000Z",
"ID": "CVE-2022-41852",
"STATE": "PUBLIC",
"TITLE": "Remote code execution in jxpath"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jxpath",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "jxpath"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2022-07-28T22:00:00.000Z",
"ID": "CVE-2022-41852",
"STATE": "PUBLIC",
"TITLE": "Remote code execution in jxpath"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jxpath",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "jxpath"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

180
2022/41xxx/CVE-2022-41853.json
View File

@ -1,90 +1,92 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-07-26T22:00:00.000Z",
"ID": "CVE-2022-41853",
"STATE": "PUBLIC",
"TITLE": "Remote code execution in HyperSQL DataBase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hsqldb",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.7.1"
}
]
}
}
]
},
"vendor_name": "HyperSQL DataBase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property \"hsqldb.method_class_names\" to classes which are allowed to be called. For example, System.setProperty(\"hsqldb.method_class_names\", \"abc\") or Java argument -Dhsqldb.method_class_names=\"abc\" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7"
},
{
"refsource": "CONFIRM",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-07-26T22:00:00.000Z",
"ID": "CVE-2022-41853",
"STATE": "PUBLIC",
"TITLE": "Remote code execution in HyperSQL DataBase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hsqldb",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.7.1"
}
]
}
}
]
},
"vendor_name": "HyperSQL DataBase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property \"hsqldb.method_class_names\" to classes which are allowed to be called. For example, System.setProperty(\"hsqldb.method_class_names\", \"abc\") or Java argument -Dhsqldb.method_class_names=\"abc\" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7"
},
{
"refsource": "MISC",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"name": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

56
2022/42xxx/CVE-2022-42241.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-3.md",
"url": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-3.md"
}
]
}

56
2022/42xxx/CVE-2022-42242.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md",
"url": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md"
}
]
}

56
2022/42xxx/CVE-2022-42243.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md",
"url": "https://github.com/aabbcc8997/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md"
}
]
}

56
2022/42xxx/CVE-2022-42249.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md",
"url": "https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md"
}
]
}

56
2022/42xxx/CVE-2022-42250.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md",
"url": "https://github.com/fateroot/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md"
}
]
}

18
2022/42xxx/CVE-2022-42435.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42436.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42437.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42438.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42439.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42440.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42441.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42442.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42443.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42444.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42445.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42446.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42447.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42448.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42449.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42450.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42451.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42452.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42453.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42453",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42454.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42455.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42456.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2022/42xxx/CVE-2022-42457.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution",
"refsource": "MISC",
"name": "https://github.com/hubertfarnsworth12/Generex-CS141-Authenticated-Remote-Command-Execution"
},
{
"url": "https://www.generex.de/products/ups/",
"refsource": "MISC",
"name": "https://www.generex.de/products/ups/"
},
{
"url": "https://www.generex.de/support/downloads/ups/cs141",
"refsource": "MISC",
"name": "https://www.generex.de/support/downloads/ups/cs141"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
}