admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-16 16:00:35 +00:00
parent 58246fbcfb
commit a15da77f30
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 442 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/2xxx/CVE-2020-2038.json
View File

@ -126,6 +126,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/168008/PAN-OS-10.0-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/168408/Palo-Alto-Networks-Authenticated-Remote-Code-Execution.html"
}
]
},

66
2021/42xxx/CVE-2021-42948.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.hoteldruid.com/",
"refsource": "MISC",
"name": "https://www.hoteldruid.com/"
},
{
"url": "https://github.com/dhammon/Security",
"refsource": "MISC",
"name": "https://github.com/dhammon/Security"
},
{
"refsource": "MISC",
"name": "https://github.com/dhammon/HotelDruid-CVE-2021-42948",
"url": "https://github.com/dhammon/HotelDruid-CVE-2021-42948"
}
]
}

5
2022/0xxx/CVE-2022-0507.json
View File

@ -84,6 +84,11 @@
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
},
{
"refsource": "MISC",
"name": "https://khoori.org/posts/cve-2022-0507/",
"url": "https://khoori.org/posts/cve-2022-0507/"
}
]
},

5
2022/27xxx/CVE-2022-27668.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
"url": "http://seclists.org/fulldisclosure/2022/Sep/17"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
"url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
}
]
}

5
2022/29xxx/CVE-2022-29614.json
View File

@ -138,6 +138,11 @@
"refsource": "FULLDISC",
"name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)",
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
}
]
}

61
2022/35xxx/CVE-2022-35193.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/HuangYuHsiangPhone/CVEs/",
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/"
},
{
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35193",
"url": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35193"
}
]
}

61
2022/35xxx/CVE-2022-35195.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/HuangYuHsiangPhone/CVEs/",
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/"
},
{
"refsource": "MISC",
"name": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35195",
"url": "https://github.com/HuangYuHsiangPhone/CVEs/tree/main/TestLink/CVE-2022-35195"
}
]
}

2
2022/36xxx/CVE-2022-36201.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Doctor's Appointment System 1.0 is vulnerable to SQL Injection via booking.php has ?id=."
"value": "Doctor\u2019s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php."
}
]
},

61
2022/37xxx/CVE-2022-37248.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-37248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-37248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627"
},
{
"refsource": "MISC",
"name": "https://labs.integrity.pt/advisories/cve-2022-37248/",
"url": "https://labs.integrity.pt/advisories/cve-2022-37248/"
}
]
}

56
2022/38xxx/CVE-2022-38877.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-38877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/MagicWHat/bug_report/blob/main/vendors/mayuri_k/garage-management-system/RCE-1.md",
"url": "https://github.com/MagicWHat/bug_report/blob/main/vendors/mayuri_k/garage-management-system/RCE-1.md"
}
]
}

56
2022/38xxx/CVE-2022-38878.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-38878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/MagicWHat/bug_report/blob/main/vendors/wsatm/school-activity-updates-sms-notification/SQLi-1.md",
"url": "https://github.com/MagicWHat/bug_report/blob/main/vendors/wsatm/school-activity-updates-sms-notification/SQLi-1.md"
}
]
}

18
2022/3xxx/CVE-2022-3231.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

66
2022/40xxx/CVE-2022-40337.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.aspiresoftware.com/companies/oases/",
"refsource": "MISC",
"name": "https://www.aspiresoftware.com/companies/oases/"
},
{
"url": "https://oases.aero/",
"refsource": "MISC",
"name": "https://oases.aero/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/Delson704557/df06fcee0b2676d611aef799e1c4a0e6",
"url": "https://gist.github.com/Delson704557/df06fcee0b2676d611aef799e1c4a0e6"
}
]
}

18
2022/40xxx/CVE-2022-40743.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}