"-Synchronized-Data."

CVE Team 2022-02-21 18:01:22 +00:00
parent e6c45cba0e
commit 96664cd3ba
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 1040 additions and 217 deletions


@ -13,21 +13,23 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "Perfect Survey",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
@ -46,6 +48,11 @@
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad",
"name": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html"
}
]
},
@ -54,8 +61,8 @@
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
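Review bot: The reference added at the end of `reference_data` points at Packet Storm over plain `http://`, so anyone following the link to the exploit write-up gets no transport integrity. If the site serves the same path over TLS, I would record it as `"url": "https://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html"` with `name` changed to match. The same applies to the other Packet Storm references this commit adds (CVE-2021-25076, CVE-2022-0557 and the four reference-only sections). The enclosing JSON object starts and ends outside these hunks.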


@ -1,80 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25076",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP User Frontend Membership, Profile, Registration & Post Submission Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.5.26",
"version_value": "3.5.26"
"CVE_data_meta": {
"ID": "CVE-2021-25076",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP User Frontend \u2013 Membership, Profile, Registration & Post Submission Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.5.26",
"version_value": "3.5.26"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6",
"name": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648715",
"name": "https://plugins.trac.wordpress.org/changeset/2648715"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6",
"name": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648715",
"name": "https://plugins.trac.wordpress.org/changeset/2648715"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
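Review bot: `problemtype_data` lists only `CWE-89 SQL Injection`, although both `TITLE` and the description say the same unsanitised `status` parameter can also lead to reflected cross-site scripting. Consumers that filter or triage by CWE will miss the XSS aspect; I would add a second entry to the `description` array, `{ "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" }`. The rest of the section appears to be re-indentation plus the new Packet Storm reference.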


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2021-12-03T10:28:00.000Z",
"ID": "CVE-2021-26256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Survey Maker (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "Survey Maker team"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Red Team project)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/survey-maker/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/survey-maker/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-2-0-6-unauthenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-2-0-6-unauthenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.0.7 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
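Review bot: `version_name` is set to `"<= 2.0.6"` while `version_affected` already carries `"<="`, so the operator is stored twice and a consumer that renders or matches name, operator and value together may end up with `<= 2.0.6 <= 2.0.6`. I would keep the operator only in `version_affected` and use `"version_name": "2.0.6"`, which is how the CVE-2021-25076 record in this commit fills the field. The same pattern appears in the CVE-2022-23983, CVE-2022-23984 and CVE-2022-25599 sections.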


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "\"HCL Sametime\"",
"version": {
"version_data": [
{
"version_value": "\"HCL Sametime 11.6.4 and below\""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Improper Limitation of a Pathname to a Restricted Directory\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"Sametime Android PathTraversal Vulnerability\""
}
]
}
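Review bot: `product_name`, `version_value`, the problemtype `value` and the description `value` all contain literal escaped quotes (for example `"\"HCL Sametime\""`), so the stored strings begin and end with a `"` character and will not match a product lookup for HCL Sametime. I would drop the inner quotes, e.g. `"product_name": "HCL Sametime"`, and set `vendor_name` to the actual vendor instead of `"n/a"`, given the assigner is `psirt@hcl.com`. The description is only a title; one sentence on what the path traversal exposes would help triage. CVE-2021-27755 in the next section has the same quoting and `"n/a"` vendor, and the enclosing object starts above the hunk.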


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "\"HCL Sametime\"",
"version": {
"version_data": [
{
"version_value": "\"HCL Sametime 11.6.4 and below\""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Relative Path Traversal\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"Sametime Android potential path traversal vulnerability when using File class\""
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@brocade.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the \u201cuser\u201d or \u201cfactory\u201d account, to read the contents of any file on the filesystem utilizing one of a few available binaries."
}
]
}
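Review bot: `version_value` holds a free-text phrase covering two release branches (`Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d`) with no `version_affected`, which automated version matching cannot evaluate. If the advisory means each branch separately, I would split it into one entry per branch, `{ "version_affected": "<", "version_value": "8.0.1b" }` and `{ "version_affected": "<", "version_value": "7.4.1d" }`, and replace `"vendor_name": "n/a"` with the actual vendor. The problemtype `Privileged File Read` also carries no CWE identifier. CVE-2021-27797 and CVE-2021-44141 in the following sections use the same free-text version and `"n/a"` vendor.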


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@brocade.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "hard coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-44141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "All versions of Samba prior to 4.15.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2021-44141.html",
"url": "https://www.samba.org/samba/security/CVE-2021-44141.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed."
}
]
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2022-01-31T15:41:00.000Z",
"ID": "CVE-2021-44142",
"STATE": "PUBLIC"


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-44568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-44568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/openSUSE/libsolv/issues/425",
"refsource": "MISC",
"name": "https://github.com/openSUSE/libsolv/issues/425"
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940",
"refsource": "MISC",
"name": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940"
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995",
"refsource": "MISC",
"name": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995"
}
]
}
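Review bot: The `affects` block is left as `"n/a"` for vendor, product and version, and `problemtype` is `"n/a"`, even though the description names openSUSE/libsolv, the `resolve_dependencies` function and a heap overflow. With nothing machine-readable, scanners keyed on product name cannot associate this record with libsolv; I would at least set `"product_name": "libsolv"` and a problemtype such as `"CWE-122 Heap-based Buffer Overflow"` (to be confirmed against the upstream issue). The affected range is given only as a date (`through 13 Dec 2020`), so a release or commit identifier from the linked issue would be worth adding.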


@ -56,6 +56,11 @@
"url": "https://github.com/cybelesoft/virtualui/issues/2",
"refsource": "MISC",
"name": "https://github.com/cybelesoft/virtualui/issues/2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html",
"url": "http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/cybelesoft/virtualui/issues/3",
"url": "https://github.com/cybelesoft/virtualui/issues/3"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html"
}
]
}


@ -54,6 +54,11 @@
"url": "https://crbug.com/1260134",
"refsource": "MISC",
"name": "https://crbug.com/1260134"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html"
}
]
},


@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0557",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.2.11"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0557",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.2.11"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8"
},
{
"name": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632"
}
]
},
"source": {
"advisory": "660c89af-2de5-41bc-aada-9e4e78142db8",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8"
},
{
"name": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html"
}
]
},
"source": {
"advisory": "660c89af-2de5-41bc-aada-9e4e78142db8",
"discovery": "EXTERNAL"
}
}
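Review bot: The added Packet Storm reference is titled `Microweber-1.2.11-Shell-Upload`, but the record declares the affected range as `"version_affected": "<"` with `"version_value": "1.2.11"` and the weakness as OS command injection. Either the reference describes a different issue or version 1.2.11 itself is affected; that should be checked before the link is attached, and if 1.2.11 is affected the range should change (for example to `"version_affected": "<="`). Everything else in this section appears to be re-indentation.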


@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-0708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Team Creator's Email Address is disclosed to Team Members via one of the APIs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.3.0"
},
{
"version_affected": "!>=",
"version_value": "6.2.2"
},
{
"version_affected": "!>=",
"version_value": "6.1.2"
},
{
"version_affected": "!>=",
"version_value": "5.37.7"
}
]
}
}
]
},
"vendor_name": "Mattermost "
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/",
"name": "https://mattermost.com/security-updates/"
}
]
},
"source": {
"advisory": "MMSA-2022-0082",
"defect": [
"https://mattermost.atlassian.net/browse/MM-40177"
],
"discovery": "EXTERNAL"
}
}
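Review bot: `"vendor_name": "Mattermost "` has a trailing space, which breaks exact-match vendor lookups and de-duplication; it should be `"vendor_name": "Mattermost"`. The `version_data` entries marked `"!>="` give `6.2.2`, `6.1.2` and `5.37.7`, presumably the fixed releases on older branches, while the description says only "6.3.0 and earlier". A sentence in the description naming the fixed releases would let readers on those branches see that a patched build exists.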


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-02-16T08:04:00.000Z",
"ID": "CVE-2022-23983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Content Copy Protection & No Right Click (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.4.4",
"version_value": "3.4.4"
}
]
}
}
]
},
"vendor_name": "WP-buy"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Red Team)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wp-content-copy-protector/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-content-copy-protector/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 3.4.4 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
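Review bot: The `solution` text says `Update to 3.4.4 or higher version.`, but `version_data`, the title and the description all mark 3.4.4 itself as affected (`<= 3.4.4`). A site owner following the solution as written would stay on a vulnerable release. The text should name the first fixed release, `"value": "Update to <FIRST_FIXED_VERSION> or higher version."` (placeholder; the fixed version is not shown on this page).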


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-02-10T08:34:00.000Z",
"ID": "CVE-2022-23984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Comments \u2013 wpDiscuz (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 7.3.11",
"version_value": "7.3.11"
}
]
}
}
]
},
"vendor_name": "gVectors Team"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Red Team)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wpdiscuz/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wpdiscuz/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 7.3.12 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@okta.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Okta",
"product": {
"product_data": [
{
"product_name": "Okta Advanced Server Access Client",
"version": {
"version_data": [
{
"version_value": "Prior to version 1.57.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295",
"refsource": "MISC",
"name": "https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL."
}
]
}
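Review bot: The description limits the issue to the client "for Windows" and calls it command injection via a crafted URL, but `product_name` is just `Okta Advanced Server Access Client` and the problemtype is the generic `Code Execution` with no CWE. Defenders scoping exposure from the structured fields would flag non-Windows clients as well; I would carry the platform in the record, e.g. `"product_name": "Okta Advanced Server Access Client for Windows"`, and use a CWE-tagged problemtype such as `"CWE-77 Command Injection"` (confirm against the vendor advisory). `version_value` is free text (`Prior to version 1.57.0`) without `version_affected`, which automated matching cannot evaluate. The enclosing object starts above the hunk.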


@ -61,6 +61,11 @@
"url": "https://www.filecloud.com/supportdocs/display/cloud/Advisory+2022-01-3+Threat+of+CSRF+via+User+Creation",
"refsource": "MISC",
"name": "https://www.filecloud.com/supportdocs/display/cloud/Advisory+2022-01-3+Threat+of+CSRF+via+User+Creation"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166074/FileCloud-21.2-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/166074/FileCloud-21.2-Cross-Site-Request-Forgery.html"
}
]
}


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-02-10T15:58:00.000Z",
"ID": "CVE-2022-25599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spiffy Calendar (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 4.9.0",
"version_value": "4.9.0"
}
]
}
}
]
},
"vendor_name": "Spiffy Plugins"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Red Team project)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/spiffy-calendar/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/spiffy-calendar/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 4.9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}