admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #666 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2022-09-28 11:48:52 -04:00 committed by GitHub
commit 8deb8a745c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
811 changed files with 29520 additions and 1655 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
2014/2xxx/CVE-2014-2265.json
View File

@ -57,15 +57,25 @@
"refsource": "CONFIRM",
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"name": "http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/",
"refsource": "MISC",
"url": "http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"name": "http://wordpress.org/plugins/contact-form-7/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"refsource": "MISC",
"name": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/",
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"refsource": "MISC",
"name": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"refsource": "MISC",
"name": "https://www.cvedetails.com/cve/CVE-2014-2265/",
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
]
}

5
2017/20xxx/CVE-2017-20147.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.gentoo.org/631140",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/631140"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-08",
"url": "https://security.gentoo.org/glsa/202209-08"
}
]
}

5
2017/20xxx/CVE-2017-20148.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.gentoo.org/630752",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/630752"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-10",
"url": "https://security.gentoo.org/glsa/202209-10"
}
]
}

5
2017/7xxx/CVE-2017-7603.json
View File

@ -56,6 +56,11 @@
"name": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-13",
"url": "https://security.gentoo.org/glsa/202209-13"
}
]
}

5
2017/7xxx/CVE-2017-7604.json
View File

@ -56,6 +56,11 @@
"name": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-13",
"url": "https://security.gentoo.org/glsa/202209-13"
}
]
}

5
2017/7xxx/CVE-2017-7605.json
View File

@ -56,6 +56,11 @@
"name": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libaacplus-signed-integer-overflow-left-shift-and-assertion-failure/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-13",
"url": "https://security.gentoo.org/glsa/202209-13"
}
]
}

5
2018/18xxx/CVE-2018-18897.json
View File

@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

5
2018/19xxx/CVE-2018-19058.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

5
2018/20xxx/CVE-2018-20650.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

5
2018/25xxx/CVE-2018-25047.json
View File

@ -71,6 +71,11 @@
"url": "https://bugs.gentoo.org/870100",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/870100"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-09",
"url": "https://security.gentoo.org/glsa/202209-09"
}
]
}

5
2019/14xxx/CVE-2019-14494.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

5
2019/9xxx/CVE-2019-9903.json
View File

@ -91,6 +91,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2713",
"url": "https://access.redhat.com/errata/RHSA-2019:2713"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

5
2019/9xxx/CVE-2019-9959.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

10
2020/10xxx/CVE-2020-10735.json
View File

@ -138,6 +138,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-0b3904c674",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-141f632a6f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-ac82a548df",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"
}
]
},

2
2020/10xxx/CVE-2020-10919.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185."
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185."
}
]
},

5
2020/14xxx/CVE-2020-14556.json
View File

@ -133,6 +133,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14562.json
View File

@ -104,6 +104,11 @@
"refsource": "GENTOO",
"name": "GLSA-202008-24",
"url": "https://security.gentoo.org/glsa/202008-24"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14573.json
View File

@ -109,6 +109,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14577.json
View File

@ -128,6 +128,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14578.json
View File

@ -113,6 +113,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14579.json
View File

@ -113,6 +113,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14581.json
View File

@ -133,6 +133,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14583.json
View File

@ -133,6 +133,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14593.json
View File

@ -133,6 +133,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14621.json
View File

@ -143,6 +143,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1893",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/14xxx/CVE-2020-14664.json
View File

@ -74,6 +74,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-897/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

2
2020/18xxx/CVE-2020-18151.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account."
"value": "Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account."
}
]
},

5
2020/27xxx/CVE-2020-27778.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
},

5
2020/2xxx/CVE-2020-2585.json
View File

@ -74,6 +74,11 @@
"refsource": "GENTOO",
"name": "GLSA-202006-22",
"url": "https://security.gentoo.org/glsa/202006-22"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2755.json
View File

@ -128,6 +128,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2756.json
View File

@ -133,6 +133,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2757.json
View File

@ -133,6 +133,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2773.json
View File

@ -133,6 +133,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2781.json
View File

@ -133,6 +133,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10318",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10318"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2800.json
View File

@ -128,6 +128,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0841",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2803.json
View File

@ -128,6 +128,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0841",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

5
2020/2xxx/CVE-2020-2805.json
View File

@ -128,6 +128,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0841",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-15",
"url": "https://security.gentoo.org/glsa/202209-15"
}
]
}

131
2020/36xxx/CVE-2020-36521.json
View File

@ -4,14 +4,139 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.10"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "14.0"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "11.4"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.21"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.0"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211843",
"name": "https://support.apple.com/en-us/HT211843"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211850",
"name": "https://support.apple.com/en-us/HT211850"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211844",
"name": "https://support.apple.com/en-us/HT211844"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211952",
"name": "https://support.apple.com/en-us/HT211952"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211847",
"name": "https://support.apple.com/en-us/HT211847"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT211846",
"name": "https://support.apple.com/en-us/HT211846"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents."
}
]
}

18
2020/36xxx/CVE-2020-36605.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2021/21xxx/CVE-2021-21408.json
View File

@ -101,6 +101,11 @@
"refsource": "DEBIAN",
"name": "DSA-5151",
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-09",
"url": "https://security.gentoo.org/glsa/202209-09"
}
]
},

14
2021/24xxx/CVE-2021-24653.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2021-24653",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting"
"TITLE": "Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.8.8",
"version_value": "1.8.8"
"version_affected": "<",
"version_name": "1.8.9",
"version_value": "1.8.9"
}
]
}
@ -38,14 +38,14 @@
"description_data": [
{
"lang": "eng",
"value": "The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
"value": "The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/bfa8f46f-d323-4a2d-b875-39cd9b4cee0a",
"name": "https://wpscan.com/vulnerability/bfa8f46f-d323-4a2d-b875-39cd9b4cee0a"
}
@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]

102
2021/24xxx/CVE-2021-24890.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24890",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "scripts-organizer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7",
"name": "https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7"
},
{
"refsource": "MISC",
"url": "https://dplugins.com/products/scripts-organizer/",
"name": "https://dplugins.com/products/scripts-organizer/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ovidiu Maghetiu"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

2
2021/27xxx/CVE-2021-27242.json
View File

@ -45,7 +45,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
"value": "CWE-787: Out-of-bounds Write"
}
]
}

4
2021/27xxx/CVE-2021-27271.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438."
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438."
}
]
},
@ -45,7 +45,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
"value": "CWE-125: Out-of-bounds Read"
}
]
}

118
2021/27xxx/CVE-2021-27853.json
View File

@ -4,15 +4,125 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-09-27T01:00:00.000Z",
"TITLE": "L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers",
"STATE": "PUBLIC"
},
"source": {
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IEEE",
"product": {
"product_data": [
{
"product_name": "802.2",
"version": {
"version_data": [
{
"version_name": "802.2h-1997",
"version_affected": "<=",
"version_value": "802.2h-1997"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "draft-ietf-v6ops-ra-guard",
"version": {
"version_data": [
{
"version_name": "08",
"version_affected": "<=",
"version_value": "08"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "P802.1Q",
"version": {
"version_data": [
{
"version_name": "D1.0",
"version_affected": "<=",
"version_value": "D1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers."
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/",
"name": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.2/1048/",
"name": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.1Q/10323/",
"name": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"refsource": "CISCO",
"name": "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) <champetier.etienne@gmail.com> "
}
]
}

113
2021/27xxx/CVE-2021-27854.json
View File

@ -4,15 +4,120 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-09-27T01:00:00.000Z",
"TITLE": "L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation",
"STATE": "PUBLIC"
},
"source": {
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "P802.1Q",
"version": {
"version_data": [
{
"version_name": "D1.0",
"version_affected": "<=",
"version_value": "D1.0"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "draft-ietf-v6ops-ra-guard",
"version": {
"version_data": [
{
"version_name": "08",
"version_affected": "<=",
"version_value": "08"
}
]
}
}
]
}
},
{
"vendor_name": "IEEE",
"product": {
"product_data": [
{
"product_name": "802.2",
"version": {
"version_data": [
{
"version_name": "802.2h-1997",
"version_affected": "<=",
"version_value": "802.2h-1997"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse."
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/",
"name": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.2/1048/",
"name": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.1Q/10323/",
"name": "https://standards.ieee.org/ieee/802.1Q/10323/"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) <champetier.etienne@gmail.com> "
}
]
}

121
2021/27xxx/CVE-2021-27861.json
View File

@ -4,15 +4,128 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-09-27T01:00:00.000Z",
"TITLE": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths",
"STATE": "PUBLIC"
},
"source": {
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IEEE",
"product": {
"product_data": [
{
"product_name": "802.2",
"version": {
"version_data": [
{
"version_name": "802.2h-1997",
"version_affected": "<=",
"version_value": "802.2h-1997"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "draft-ietf-v6ops-ra-guard",
"version": {
"version_data": [
{
"version_name": "08",
"version_affected": "<=",
"version_value": "08"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "P802.1Q",
"version": {
"version_data": [
{
"version_name": "D1.0",
"version_affected": "<=",
"version_value": "D1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/",
"name": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.2/1048/",
"name": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.1Q/10323/",
"name": "https://standards.ieee.org/ieee/802.1Q/10323/"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) <champetier.etienne@gmail.com> "
}
]
}

97
2021/27xxx/CVE-2021-27862.json
View File

@ -4,15 +4,104 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-09-27T01:00:00.000Z",
"TITLE": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation",
"STATE": "PUBLIC"
},
"source": {
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IEEE",
"product": {
"product_data": [
{
"product_name": "802.2",
"version": {
"version_data": [
{
"version_name": "802.2h-1997",
"version_affected": "<=",
"version_value": "802.2h-1997"
}
]
}
}
]
}
},
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "draft-ietf-v6ops-ra-guard-08",
"version": {
"version_data": [
{
"version_name": "08",
"version_affected": "<=",
"version_value": "08"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers)."
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/",
"name": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"refsource": "MISC",
"url": "https://standards.ieee.org/ieee/802.2/1048/",
"name": "https://standards.ieee.org/ieee/802.2/1048/"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) <champetier.etienne@gmail.com> "
}
]
}

5
2021/27xxx/CVE-2021-27876.json
View File

@ -56,6 +56,11 @@
"url": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue2",
"refsource": "MISC",
"name": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html"
}
]
},

5
2021/27xxx/CVE-2021-27877.json
View File

@ -56,6 +56,11 @@
"url": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1",
"refsource": "MISC",
"name": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html"
}
]
},

5
2021/27xxx/CVE-2021-27878.json
View File

@ -56,6 +56,11 @@
"url": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue3",
"refsource": "MISC",
"name": "https://www.veritas.com/content/support/en_US/security/VTS21-001#issue3"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html"
}
]
},

91
2021/28xxx/CVE-2021-28052.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "hirt@hitachi.co.jp",
"ID": "CVE-2021-28052",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Hitachi Content Platform Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hitachi Content Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.3.7"
},
{
"version_affected": "<",
"version_name": "9.0.0",
"version_value": "9.2.3"
}
]
}
}
]
},
"vendor_name": "Hitachi Vantara"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.hitachi.com/hirt/hitachi-sec/2021/604.html",
"name": "https://www.hitachi.com/hirt/hitachi-sec/2021/604.html"
},
{
"refsource": "MISC",
"url": "https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability",
"name": "https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability"
}
]
},
"source": {
"advisory": "hitachi-sec-2021-604",
"discovery": "UNKNOWN"
}
}

5
2021/28xxx/CVE-2021-28861.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-f511f8f58b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-7fff0f2b0b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/"
}
]
}

5
2021/29xxx/CVE-2021-29454.json
View File

@ -111,6 +111,11 @@
"refsource": "DEBIAN",
"name": "DSA-5151",
"url": "https://www.debian.org/security/2022/dsa-5151"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-09",
"url": "https://security.gentoo.org/glsa/202209-09"
}
]
},

5
2021/33xxx/CVE-2021-33477.json
View File

@ -146,6 +146,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-0d3268fc35",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DUV4LDVZVW7KCGPAMFZD4ZJ4FVLPOX4C/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-07",
"url": "https://security.gentoo.org/glsa/202209-07"
}
]
}

5
2021/33xxx/CVE-2021-33515.json
View File

@ -76,6 +76,11 @@
"refsource": "GENTOO",
"name": "GLSA-202107-41",
"url": "https://security.gentoo.org/glsa/202107-41"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220927 [SECURITY] [DLA 3122-1] dovecot security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00032.html"
}
]
}

57
2021/35xxx/CVE-2021-35036.json
View File

@ -3,15 +3,66 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35036",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "VMG3625-T50B firmware",
"version": {
"version_data": [
{
"version_value": "V5.50(ABTL.0)b2k"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none."
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
}
]
}

5
2021/36xxx/CVE-2021-36386.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-b904d99ce5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-14",
"url": "https://security.gentoo.org/glsa/202209-14"
}
]
}

5
2021/39xxx/CVE-2021-39272.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-e61a978fef",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXMKSEHAQSEDCWZMAOJEGX3P3JW6QY6H/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-14",
"url": "https://security.gentoo.org/glsa/202209-14"
}
]
}

5
2021/3xxx/CVE-2021-3695.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-12",
"url": "https://security.gentoo.org/glsa/202209-12"
}
]
},

5
2021/3xxx/CVE-2021-3696.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-12",
"url": "https://security.gentoo.org/glsa/202209-12"
}
]
},

5
2021/3xxx/CVE-2021-3697.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-12",
"url": "https://security.gentoo.org/glsa/202209-12"
}
]
},

5
2021/3xxx/CVE-2021-3981.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-12",
"url": "https://security.gentoo.org/glsa/202209-12"
}
]
},

61
2021/41xxx/CVE-2021-41433.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/martinkubecka/CVE-References/blob/main/Untitled-SQLi.md",
"refsource": "MISC",
"name": "https://github.com/martinkubecka/CVE-References/blob/main/Untitled-SQLi.md"
},
{
"refsource": "MISC",
"name": "https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41433.md",
"url": "https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41433.md"
}
]
}

53
2021/41xxx/CVE-2021-41437.json
View File

@ -5,13 +5,62 @@
"CVE_data_meta": {
"ID": "CVE-2021-41437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437",
"url": "https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437"
},
{
"refsource": "CONFIRM",
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker."
}
]
}

92
2021/43xxx/CVE-2021-43980.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-43980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Apache Tomcat: Information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_name": "10.1",
"version_value": "10.1.0-M1 to 10.1.0-M12"
},
{
"version_name": "10.0",
"version_value": "10.0.0-M1 to 10.0.18"
},
{
"version_name": "9.0",
"version_value": "9.0.0-M1 to 9.0.60"
},
{
"version_name": "8.5",
"version_value": "8.5.0 to 8.5.77"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Adam Thomas, Richard Hernandez and Ryan Schmitt for discovering the issue and working with the Tomcat security team to identify the root cause and appropriate fix."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3",
"name": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220928 CVE-2021-43980: Apache Tomcat: Information disclosure",
"url": "http://www.openwall.com/lists/oss-security/2022/09/28/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2021/45xxx/CVE-2021-45931.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-b3b5ac4053",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EAIZKL4O67FN2CWJYHYKZEMNYWNWO3D/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202209-11",
"url": "https://security.gentoo.org/glsa/202209-11"
}
]
}

5
2021/45xxx/CVE-2021-45943.json
View File

@ -91,6 +91,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-5239",
"url": "https://www.debian.org/security/2022/dsa-5239"
}
]
}

18
2021/46xxx/CVE-2021-46839.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/46xxx/CVE-2021-46840.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46840",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

89
2022/1xxx/CVE-2022-1613.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1613",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Restricted Site Access",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.3.2",
"version_value": "7.3.2"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b",
"name": "https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/1xxx/CVE-2022-1755.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1755",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SVG Support < 2.5 - Author+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SVG Support",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.5",
"version_value": "2.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/62b2548e-6b59-48b8-b1c2-9bd47e634982",
"name": "https://wpscan.com/vulnerability/62b2548e-6b59-48b8-b1c2-9bd47e634982"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chafik Amraoui"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

5
2022/1xxx/CVE-2022-1941.json
View File

@ -145,6 +145,11 @@
"name": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf",
"refsource": "CONFIRM",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS",
"url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
}
]
},

92
2022/21xxx/CVE-2022-21169.json
View File

@ -3,16 +3,100 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-09-26T05:00:10.103193Z",
"ID": "CVE-2022-21169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "express-xss-sanitizer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-EXPRESSXSSSANITIZER-3027443",
"name": "https://security.snyk.io/vuln/SNYK-JS-EXPRESSXSSSANITIZER-3027443"
},
{
"refsource": "MISC",
"url": "https://github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4",
"name": "https://github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4"
},
{
"refsource": "MISC",
"url": "https://runkit.com/embed/w306l6zfm7tu",
"name": "https://runkit.com/embed/w306l6zfm7tu"
},
{
"refsource": "MISC",
"url": "https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a",
"name": "https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Jayateertha Guruprasad"
}
]
}

96
2022/21xxx/CVE-2022-21797.json
View File

@ -3,16 +3,104 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-09-26T05:00:01.582890Z",
"ID": "CVE-2022-21797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "joblib",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
},
{
"version_affected": "<",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033",
"name": "https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033"
},
{
"refsource": "MISC",
"url": "https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059",
"name": "https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059"
},
{
"refsource": "MISC",
"url": "https://github.com/joblib/joblib/issues/1128",
"name": "https://github.com/joblib/joblib/issues/1128"
},
{
"refsource": "MISC",
"url": "https://github.com/joblib/joblib/pull/1321",
"name": "https://github.com/joblib/joblib/pull/1321"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Jim Lin"
}
]
}

79
2022/22xxx/CVE-2022-22058.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-22058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8937, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCN7605, QCN7606, QCS603, QCS605, Qualcomm215, SA415M, SD429, SD439, SD450, SD632, SD660, SD670, SD710, SD820, SD835, SD845, SD855, SDM429W, SDW2500, SDX20, SDX24, SDXR1, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3980, WCN3990, WCN3998, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible Use-After-Free in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin"
}
]
}
}

125
2022/22xxx/CVE-2022-22423.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22423",
"DATE_PUBLIC": "2022-09-22T00:00:00",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CCA for MTM 4767",
"version": {
"version_data": [
{
"version_value": "5.7.11"
},
{
"version_value": "5.0"
},
{
"version_value": "5.1"
},
{
"version_value": "5.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "5.6"
},
{
"version_value": "5.7"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.3.43"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6695893",
"url": "https://www.ibm.com/support/pages/node/6695893",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6695893 (AIX)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223596",
"name": "ibm-cca-cve202222423-dos (223596)"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"I": "N",
"AC": "L",
"UI": "N",
"PR": "L",
"C": "N",
"SCORE": "6.500",
"AV": "L",
"A": "H"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
}
}

124
2022/22xxx/CVE-2022-22522.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

124
2022/22xxx/CVE-2022-22523.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Carlo Gavazzi UWP 3.0 WebApp allows for authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

124
2022/22xxx/CVE-2022-22524.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

124
2022/22xxx/CVE-2022-22525.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

124
2022/22xxx/CVE-2022-22526.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-22526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Missing authentication for API in Carlo Gavazzi UWP 3.0 Car Park Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

115
2022/22xxx/CVE-2022-22610.json
View File

@ -4,14 +4,123 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213182",
"name": "https://support.apple.com/en-us/HT213182"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213193",
"name": "https://support.apple.com/en-us/HT213193"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183",
"name": "https://support.apple.com/en-us/HT213183"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213186",
"name": "https://support.apple.com/en-us/HT213186"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213187",
"name": "https://support.apple.com/en-us/HT213187"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution."
}
]
}

99
2022/22xxx/CVE-2022-22624.json
View File

@ -4,14 +4,107 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213182",
"name": "https://support.apple.com/en-us/HT213182"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183",
"name": "https://support.apple.com/en-us/HT213183"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213186",
"name": "https://support.apple.com/en-us/HT213186"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213187",
"name": "https://support.apple.com/en-us/HT213187"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
}

115
2022/22xxx/CVE-2022-22628.json
View File

@ -4,14 +4,123 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213182",
"name": "https://support.apple.com/en-us/HT213182"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213193",
"name": "https://support.apple.com/en-us/HT213193"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183",
"name": "https://support.apple.com/en-us/HT213183"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213186",
"name": "https://support.apple.com/en-us/HT213186"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213187",
"name": "https://support.apple.com/en-us/HT213187"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
}

142
2022/22xxx/CVE-2022-22629.json
View File

@ -4,14 +4,150 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.5"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.12"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213182",
"name": "https://support.apple.com/en-us/HT213182"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213193",
"name": "https://support.apple.com/en-us/HT213193"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183",
"name": "https://support.apple.com/en-us/HT213183"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213186",
"name": "https://support.apple.com/en-us/HT213186"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213188",
"name": "https://support.apple.com/en-us/HT213188"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213187",
"name": "https://support.apple.com/en-us/HT213187"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
}

115
2022/22xxx/CVE-2022-22637.json
View File

@ -4,14 +4,123 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.3"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.4"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious website may cause unexpected cross-origin behavior"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213182",
"name": "https://support.apple.com/en-us/HT213182"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213193",
"name": "https://support.apple.com/en-us/HT213193"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183",
"name": "https://support.apple.com/en-us/HT213183"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213186",
"name": "https://support.apple.com/en-us/HT213186"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213187",
"name": "https://support.apple.com/en-us/HT213187"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior."
}
]
}

121
2022/23xxx/CVE-2022-23006.json
View File

@ -1,18 +1,127 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-23006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "My Cloud Home",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "8.10.0-117",
"version_value": "8.10.0-117"
}
]
}
},
{
"product_name": "My Cloud Home Duo",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "8.10.0-117",
"version_value": "8.10.0-117"
}
]
}
}
]
},
"vendor_name": "Western Digital"
},
{
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "8.10.0-117",
"version_value": "8.10.0-117"
}
]
}
}
]
},
"vendor_name": "SanDisk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23006",
"name": "https://nvd.nist.gov/vuln/detail/CVE-2022-23006"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Your device will be automatically updated to the latest firmware version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

82
2022/23xxx/CVE-2022-23461.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23461",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting (XSS) in Jodit Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jodit Editor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.20.4",
"version_value": "3.20.4"
}
]
}
}
]
},
"vendor_name": "xdan"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/",
"name": "https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/"
}
]
},
"source": {
"advisory": "GHSL-2022-030",
"discovery": "UNKNOWN"
}
}

82
2022/23xxx/CVE-2022-23463.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23463",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SpEL Injection in Nepxion Discovery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Discover",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.16.2",
"version_value": "6.16.2"
}
]
}
}
]
},
"vendor_name": "Nepxion"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver\u2019s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/",
"name": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/"
}
]
},
"source": {
"advisory": "GHSL-2022-033",
"discovery": "UNKNOWN"
}
}

82
2022/23xxx/CVE-2022-23464.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Potential Server Side Request Forgery (SSRF) in Nepxion Discovery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Discovery",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.16.2",
"version_value": "6.16.2"
}
]
}
}
]
},
"vendor_name": "Nepxion"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate\u2019s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/",
"name": "https://securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/"
}
]
},
"source": {
"advisory": "GHSL-2022-034",
"discovery": "UNKNOWN"
}
}

18
2022/26xxx/CVE-2022-26375.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

115
2022/26xxx/CVE-2022-26700.json
View File

@ -4,14 +4,123 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.5"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.6"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.5"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213258",
"name": "https://support.apple.com/en-us/HT213258"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213253",
"name": "https://support.apple.com/en-us/HT213253"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213254",
"name": "https://support.apple.com/en-us/HT213254"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213257",
"name": "https://support.apple.com/en-us/HT213257"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213260",
"name": "https://support.apple.com/en-us/HT213260"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution."
}
]
}

51
2022/26xxx/CVE-2022-26707.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "12.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user may be able to view sensitive user information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213257",
"name": "https://support.apple.com/en-us/HT213257"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information."
}
]
}

5
2022/27xxx/CVE-2022-27337.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-5224",
"url": "https://www.debian.org/security/2022/dsa-5224"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
}
]
}

18
2022/27xxx/CVE-2022-27628.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2022/28xxx/CVE-2022-28366.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24939."
"value": "Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839."
}
]
},

50
2022/28xxx/CVE-2022-28721.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Certain HP inkjet printers, HP LaserJet Pro printers, HP PageWide Pro printers.",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810",
"url": "https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain HP Print Products are potentially vulnerable to Remote Code Execution."
}
]
}

50
2022/28xxx/CVE-2022-28722.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Certain HP inkjet printers, HP LaserJet Pro printers, HP PageWide Pro printers",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810",
"url": "https://support.hp.com/us-en/document/ish_6839789-6839813-16/hpsbpi03810"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain HP Print Products are potentially vulnerable to Buffer Overflow."
}
]
}

124
2022/28xxx/CVE-2022-28811.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-28811",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8",
"version_value": "8.5.0.3"
}
]
}
},
{
"product_name": "CPY Car Park Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "Carlo Gavazzi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens from Claroty Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-029/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-029/"
}
]
},
"source": {
"advisory": "VDE-2022-029",
"discovery": "EXTERNAL"
}
}

Some files were not shown because too many files have changed in this diff Show More