admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-16 21:00:33 +00:00
parent 8e4d22c50b
commit 9a46d04d1e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 799 additions and 420 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
2017/20xxx/CVE-2017-20046.json
View File

@ -4,124 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20046",
"TITLE": "AXIS P1204/P3225/P3367/M3045/M3005/M3007 cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AXIS",
"product": {
"product_data": [
{
"product_name": "P1204",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3367",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3045",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3005",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3007",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. It is recommended to upgrade the affected component."
}
]
},
"credit": "David Wearing",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://vuldb.com/?id.98910",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98910"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none."
}
]
}

121
2017/20xxx/CVE-2017-20048.json
View File

@ -4,129 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20048",
"TITLE": "AXIS P1204/P3225/P3367/M3045/M3005/M3007 Script Editor cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AXIS",
"product": {
"product_data": [
{
"product_name": "P1204",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3367",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3045",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3005",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3007",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
}
]
},
"credit": "David Wearing",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://vuldb.com/?id.98912",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98912"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none."
}
]
}

116
2017/20xxx/CVE-2017-20050.json
View File

@ -4,124 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20050",
"TITLE": "AXIS P1204/P3225/P3367/M3045/M3005/M3007 Web Interface access control",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AXIS",
"product": {
"product_data": [
{
"product_name": "P1204",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3225",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "P3367",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3045",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3005",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "M3007",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Improper Access Controls"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component."
}
]
},
"credit": "David Wearing",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.6",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/41",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/41"
},
{
"url": "https://vuldb.com/?id.98914",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98914"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected due to lack of sufficient information on how to reproduce the vulnerability. Notes: none."
}
]
}

81
2022/28xxx/CVE-2022-28758.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-09-13",
"ID": "CVE-2022-28758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Zoom On-Premise Deployments: Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom On-Premise Meeting Connector MMR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.8.20220815.130"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

83
2022/29xxx/CVE-2022-29489.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-14T14:19:00.000Z",
"ID": "CVE-2022-29489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Sucuri Security plugin <= 1.8.33 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sucuri Security (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.8.33",
"version_value": "1.8.33"
}
]
}
}
]
},
"vendor_name": "Sucuri Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/sucuri-scanner/wordpress-sucuri-security-plugin-1-8-33-cross-site-request-forgery-csrf-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/sucuri-scanner/wordpress-sucuri-security-plugin-1-8-33-cross-site-request-forgery-csrf-vulnerability"
},
{
"name": "https://wordpress.org/plugins/sucuri-scanner/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/sucuri-scanner/#developers"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.8.34 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

106
2022/2xxx/CVE-2022-2332.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-13T21:40:00.000Z",
"ID": "CVE-2022-2332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SoftMaster",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.51"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"
},
{
"name": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf",
"refsource": "CONFIRM",
"url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"
}
]
}

106
2022/2xxx/CVE-2022-2333.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-13T21:40:00.000Z",
"ID": "CVE-2022-2333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Honeywell SoftMaster Uncontrolled Search Path Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SoftMaster",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.51"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"
},
{
"name": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf",
"refsource": "CONFIRM",
"url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"
}
]
}

61
2022/35xxx/CVE-2022-35194.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/HuangYuHsiangPhone/CVEs/",
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/"
},
{
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35194",
"url": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35194"
}
]
}

14
2022/35xxx/CVE-2022-35882.json
View File

@ -4,7 +4,7 @@
"DATE_PUBLIC": "2022-07-27T23:02:00.000Z",
"ID": "CVE-2022-35882",
"STATE": "PUBLIC",
"TITLE": "WordPress GS Testimonial Slider plugin <= 1.9.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
"TITLE": "WordPress GS Testimonial Slider plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
@ -18,8 +18,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.1",
"version_value": "1.9.1"
"version_name": "<= 1.9.5",
"version_value": "1.9.5"
}
]
}
@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress."
"value": "Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress."
}
]
},
@ -93,6 +93,12 @@
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.9.6 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}

2
2022/35xxx/CVE-2022-35959.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
"value": "TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
}
]
},

2
2022/35xxx/CVE-2022-35963.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
"value": "TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
}
]
},

10
2022/35xxx/CVE-2022-35968.json
View File

@ -75,15 +75,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25"
}
]
},

2
2022/35xxx/CVE-2022-35970.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n"
"value": "TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
}
]
},

10
2022/35xxx/CVE-2022-35971.json
View File

@ -75,15 +75,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7"
}
]
},

61
2022/37xxx/CVE-2022-37247.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627"
},
{
"refsource": "MISC",
"name": "https://labs.integrity.pt/advisories/cve-2022-37247/",
"url": "https://labs.integrity.pt/advisories/cve-2022-37247/"
}
]
}

61
2022/37xxx/CVE-2022-37251.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://craft.com",
"refsource": "MISC",
"name": "http://craft.com"
},
{
"refsource": "MISC",
"name": "https://labs.integrity.pt/advisories/cve-2022-37251/",
"url": "https://labs.integrity.pt/advisories/cve-2022-37251/"
}
]
}

66
2022/37xxx/CVE-2022-37258.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362",
"refsource": "MISC",
"name": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362"
},
{
"url": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L369",
"refsource": "MISC",
"name": "https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L369"
},
{
"refsource": "MISC",
"name": "https://github.com/stealjs/steal/issues/1527",
"url": "https://github.com/stealjs/steal/issues/1527"
}
]
}

66
2022/37xxx/CVE-2022-37709.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fmsh-seclab/TesMla",
"refsource": "MISC",
"name": "https://github.com/fmsh-seclab/TesMla"
},
{
"url": "https://youtu.be/cPhYW5FzA9A",
"refsource": "MISC",
"name": "https://youtu.be/cPhYW5FzA9A"
},
{
"refsource": "MISC",
"name": "https://fmsh-seclab.github.io/",
"url": "https://fmsh-seclab.github.io/"
}
]
}

5
2022/37xxx/CVE-2022-37969.json
View File

@ -292,6 +292,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969"
},
{
"refsource": "MISC",
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0039/MNDT-2022-0039.md",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0039/MNDT-2022-0039.md"
}
]
},

50
2022/3xxx/CVE-2022-3217.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VISAM VBASE",
"version": {
"version_data": [
{
"version_value": "11.7.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-31",
"url": "https://www.tenable.com/security/research/tra-2022-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials."
}
]
}

62
2022/40xxx/CVE-2022-40755.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jasper-software/jasper/issues/338",
"refsource": "MISC",
"name": "https://github.com/jasper-software/jasper/issues/338"
}
]
}
}

18
2022/40xxx/CVE-2022-40756.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}