admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-12 00:00:33 +00:00
parent 67ea6f2e52
commit 9ec7021691
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 499 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2021/43xxx/CVE-2021-43997.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2."
"value": "FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3."
}
]
},
@ -61,6 +61,16 @@
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.4.6",
"refsource": "MISC",
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.4.6"
},
{
"refsource": "MISC",
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.5.0",
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.5.0"
},
{
"refsource": "MISC",
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.4.3-LTS-Patch-3",
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.4.3-LTS-Patch-3"
}
]
}

61
2022/28xxx/CVE-2022-28866.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28866",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-28866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
"refsource": "MISC",
"name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html"
},
{
"refsource": "MISC",
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
]
}

4
2022/40xxx/CVE-2022-40157.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-40157",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow in JXPath"
@ -83,4 +83,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

4
2022/40xxx/CVE-2022-40158.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-40158",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow in JXPath"
@ -83,4 +83,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

4
2022/40xxx/CVE-2022-40159.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-40159",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow in JXPath"
@ -83,4 +83,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

4
2022/40xxx/CVE-2022-40160.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-40160",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow in JXPath"
@ -83,4 +83,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

4
2022/40xxx/CVE-2022-40161.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-40161",
"STATE": "PUBLIC",
"TITLE": "Stack Overflow in JXPath"
@ -83,4 +83,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}

66
2022/40xxx/CVE-2022-40440.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://mxgraph.com",
"refsource": "MISC",
"name": "http://mxgraph.com"
},
{
"url": "https://github.com/jgraph/mxgraph",
"refsource": "MISC",
"name": "https://github.com/jgraph/mxgraph"
},
{
"refsource": "MISC",
"name": "https://github.com/SxB64/mxgraph-xss-vul/wiki",
"url": "https://github.com/SxB64/mxgraph-xss-vul/wiki"
}
]
}

7
2022/40xxx/CVE-2022-40468.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime."
"value": "Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function."
}
]
},
@ -66,6 +66,11 @@
"url": "https://github.com/tinyproxy/tinyproxy/issues/457",
"refsource": "MISC",
"name": "https://github.com/tinyproxy/tinyproxy/issues/457"
},
{
"refsource": "MISC",
"name": "https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815",
"url": "https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815"
}
]
}

56
2022/40xxx/CVE-2022-40921.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/T4nGg/DedeCMS-V5.7.99-File-Upload/",
"refsource": "MISC",
"name": "https://github.com/T4nGg/DedeCMS-V5.7.99-File-Upload/"
}
]
}

56
2022/41xxx/CVE-2022-41406.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/CokuTau-CH/Bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/RCE-1.md",
"url": "https://github.com/CokuTau-CH/Bug_report/blob/main/vendors/Godfrey%20De%20Blessed/church-management-system/RCE-1.md"
}
]
}

56
2022/41xxx/CVE-2022-41407.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/CokuTau-CH/Bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/SQLi-2.md",
"url": "https://github.com/CokuTau-CH/Bug_report/blob/main/vendors/oretnom23/online-pet-shop-we-app/SQLi-2.md"
}
]
}

56
2022/41xxx/CVE-2022-41408.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.github.com",
"refsource": "MISC",
"name": "https://www.github.com"
}
]
}

56
2022/41xxx/CVE-2022-41530.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/yueleve/bug_report/blob/main/vendots/mayuri_k/open-source-sacco-management-system/SQLi-2.md",
"url": "https://github.com/yueleve/bug_report/blob/main/vendots/mayuri_k/open-source-sacco-management-system/SQLi-2.md"
}
]
}

56
2022/41xxx/CVE-2022-41532.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/yueleve/bug_report/blob/main/vendots/mayuri_k/open-source-sacco-management-system/SQLi-1.md",
"url": "https://github.com/yueleve/bug_report/blob/main/vendots/mayuri_k/open-source-sacco-management-system/SQLi-1.md"
}
]
}

61
2022/41xxx/CVE-2022-41606.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com"
},
{
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420"
}
]
}

4
2022/41xxx/CVE-2022-41852.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2022-07-28T22:00:00.000Z",
"ID": "CVE-2022-41852",
"STATE": "PUBLIC",
@ -84,4 +84,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}