admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-13 23:00:29 +00:00
parent 4943f95330
commit 9e3823a78a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 434 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/31xxx/CVE-2022-31130.json
View File

@ -72,6 +72,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
},
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc",
"refsource": "CONFIRM",
@ -86,11 +91,6 @@
"name": "https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
}
]
},

56
2022/35xxx/CVE-2022-35134.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35134.html",
"url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35134.html"
}
]
}

56
2022/35xxx/CVE-2022-35135.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html",
"url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html"
}
]
}

56
2022/35xxx/CVE-2022-35136.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html",
"url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html"
}
]
}

56
2022/35xxx/CVE-2022-35611.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35611.html",
"url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35611.html"
}
]
}

56
2022/35xxx/CVE-2022-35612.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35612.html",
"url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35612.html"
}
]
}

10
2022/39xxx/CVE-2022-39201.json
View File

@ -72,6 +72,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
},
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr",
"refsource": "CONFIRM",
@ -86,11 +91,6 @@
"name": "https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
}
]
},

12
2022/39xxx/CVE-2022-39229.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana users username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`s email address. This prevents `user_1` logging into the application since `user_1`'s password wont match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue."
"value": "Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user\u2019s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`\u2019s email address. This prevents `user_1` logging into the application since `user_1`'s password won\u2019t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue."
}
]
},
@ -72,6 +72,11 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
},
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r",
"refsource": "CONFIRM",
@ -81,11 +86,6 @@
"name": "https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v9.1.8",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v9.1.8"
}
]
},

2
2022/39xxx/CVE-2022-39300.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround."
"value": "node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround."
}
]
},

2
2022/39xxx/CVE-2022-39303.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. \n\n"
"value": "Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds."
}
]
},

56
2022/41xxx/CVE-2022-41390.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88",
"url": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88"
}
]
}

56
2022/41xxx/CVE-2022-41391.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88",
"url": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88"
}
]
}

2
2022/42xxx/CVE-2022-42003.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
"value": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1"
}
]
},

71
2022/42xxx/CVE-2022-42719.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42719",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/13/2",
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/13/5",
"url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
}
]
}