admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-28 21:00:44 +00:00
parent 631c156e28
commit a5c75908b4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 829 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2018/25xxx/CVE-2018-25057.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25057",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link[\"id\"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in simple_php_link_shortener ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei index.php. Durch Beeinflussen des Arguments $link[\"id\"] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b26ac6480761635ed94ccb0222ba6b732de6e53f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "simple_php_link_shortener",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216996",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216996"
},
{
"url": "https://vuldb.com/?ctiid.216996",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216996"
},
{
"url": "https://github.com/mikebharris/simple_php_link_shortener/commit/b26ac6480761635ed94ccb0222ba6b732de6e53f",
"refsource": "MISC",
"name": "https://github.com/mikebharris/simple_php_link_shortener/commit/b26ac6480761635ed94ccb0222ba6b732de6e53f"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
}

5
2020/15xxx/CVE-2020-15778.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=25005567",
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"refsource": "GENTOO",
"name": "GLSA-202212-06",
"url": "https://security.gentoo.org/glsa/202212-06"
}
]
}

5
2022/47xxx/CVE-2022-47629.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202212-07",
"url": "https://security.gentoo.org/glsa/202212-07"
}
]
}

95
2022/4xxx/CVE-2022-4229.json
View File

@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4229",
"TITLE": "SourceCodester Book Store Management System index.php access control",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588."
},
{
"lang": "deu",
"value": "In SourceCodester Book Store Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /bsms_ci/index.php. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,7 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0"
"version_value": "1.0",
"version_affected": "="
}
]
}
@ -33,33 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment -> CWE-284 Improper Access Controls"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
@ -71,6 +67,41 @@
"url": "https://vuldb.com/?id.214588",
"refsource": "MISC",
"name": "https://vuldb.com/?id.214588"
},
{
"url": "https://vuldb.com/?ctiid.214588",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.214588"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ngo Van Tu"
},
{
"lang": "en",
"value": "Huynh Nhat Hao"
},
{
"lang": "en",
"value": "leecybersec (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
}
]
}

99
2022/4xxx/CVE-2022-4611.json
View File

@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4611",
"TITLE": "Click Studios Passwordstate hard-coded credentials",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Click Studios Passwordstate and Passwordstate Browser Extension Chrome gefunden. Dabei betrifft es einen unbekannter Codeteil. Mit der Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,7 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "n/a",
"version_affected": "="
}
]
}
@ -32,7 +55,8 @@
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "n/a",
"version_affected": "="
}
]
}
@ -43,34 +67,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management -> CWE-259 Use of Hard-coded Password -> CWE-798 Hard-coded Credentials"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability."
}
]
},
"credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
@ -82,6 +78,41 @@
"url": "https://vuldb.com/?id.216273",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216273"
},
{
"url": "https://vuldb.com/?ctiid.216273",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216273"
}
]
},
"credits": [
{
"lang": "en",
"value": "Constantin M\u00fcller"
},
{
"lang": "en",
"value": "Jan Benninger"
},
{
"lang": "en",
"value": "Pascal Zenker"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
]
}

4
2022/4xxx/CVE-2022-4685.json
View File

@ -4,7 +4,7 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4685",
"ASSIGNER": "security@huntr.dev",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
@ -15,4 +15,4 @@
}
]
}
}
}

6
2022/4xxx/CVE-2022-4739.json
View File

@ -70,6 +70,12 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Madhur Jain (VulDB User)"
}
],
"impact": {
"cvss": [
{

104
2022/4xxx/CVE-2022-4818.json Normal file
View File

@ -0,0 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4818",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Talend Open Studio for MDM wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. Dank der Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 20221220_1938 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 95590db2ad6a582c371273ceab1a73ad6ed47853 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talend",
"product": {
"product_data": [
{
"product_name": "Open Studio for MDM",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216997",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216997"
},
{
"url": "https://vuldb.com/?ctiid.216997",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216997"
},
{
"url": "https://github.com/Talend/tmdm-server-se/pull/1598",
"refsource": "MISC",
"name": "https://github.com/Talend/tmdm-server-se/pull/1598"
},
{
"url": "https://github.com/Talend/tmdm-server-se/commit/95590db2ad6a582c371273ceab1a73ad6ed47853",
"refsource": "MISC",
"name": "https://github.com/Talend/tmdm-server-se/commit/95590db2ad6a582c371273ceab1a73ad6ed47853"
},
{
"url": "https://github.com/Talend/tmdm-server-se/releases/tag/snap%2Fmaster%2F20221220_1938",
"refsource": "MISC",
"name": "https://github.com/Talend/tmdm-server-se/releases/tag/snap%2Fmaster%2F20221220_1938"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
}

94
2022/4xxx/CVE-2022-4819.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4819",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix this issue. VDB-216998 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in HotCRP ausgemacht. Betroffen davon ist ein unbekannter Prozess. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als d4ffdb0ef806453c54ddca7fdda3e5c60356285c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HotCRP",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216998",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216998"
},
{
"url": "https://vuldb.com/?ctiid.216998",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216998"
},
{
"url": "https://github.com/kohler/hotcrp/commit/d4ffdb0ef806453c54ddca7fdda3e5c60356285c",
"refsource": "MISC",
"name": "https://github.com/kohler/hotcrp/commit/d4ffdb0ef806453c54ddca7fdda3e5c60356285c"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

99
2022/4xxx/CVE-2022-4820.json Normal file
View File

@ -0,0 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4820",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216999."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in FlatPress entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/panels/entry/admin.entry.list.php der Komponente Admin Area. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 229752b51025e678370298284d42f8ebb231f67f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FlatPress",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216999",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216999"
},
{
"url": "https://vuldb.com/?ctiid.216999",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216999"
},
{
"url": "https://github.com/flatpressblog/flatpress/issues/180",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/issues/180"
},
{
"url": "https://github.com/flatpressblog/flatpress/commit/229752b51025e678370298284d42f8ebb231f67f",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/commit/229752b51025e678370298284d42f8ebb231f67f"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

99
2022/4xxx/CVE-2022-4821.json Normal file
View File

@ -0,0 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4821",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217000."
},
{
"lang": "deu",
"value": "In FlatPress wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um die Funktion onupload der Datei admin/panels/uploader/admin.uploader.php der Komponente XML File Handler/MD File Handler. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 3cc223dec5260e533a84b5cf5780d3a4fbf21241 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FlatPress",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217000",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217000"
},
{
"url": "https://vuldb.com/?ctiid.217000",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217000"
},
{
"url": "https://github.com/flatpressblog/flatpress/issues/178",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/issues/178"
},
{
"url": "https://github.com/flatpressblog/flatpress/commit/3cc223dec5260e533a84b5cf5780d3a4fbf21241",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/commit/3cc223dec5260e533a84b5cf5780d3a4fbf21241"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

99
2022/4xxx/CVE-2022-4822.json Normal file
View File

@ -0,0 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4822",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. It is recommended to apply a patch to fix this issue. The identifier VDB-217001 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in FlatPress entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei setup/lib/main.lib.php der Komponente Setup. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FlatPress",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217001",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217001"
},
{
"url": "https://vuldb.com/?ctiid.217001",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217001"
},
{
"url": "https://github.com/flatpressblog/flatpress/issues/176",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/issues/176"
},
{
"url": "https://github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

94
2022/4xxx/CVE-2022-4823.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4823",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is 77236f7fd71a0e2eefeea07f9866b069d612cf0d. It is recommended to apply a patch to fix this issue. VDB-217002 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in InSTEDD Nuntium gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei app/controllers/geopoll_controller.rb. Mittels dem Manipulieren des Arguments signature mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 77236f7fd71a0e2eefeea07f9866b069d612cf0d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Observable Timing Discrepancy",
"cweId": "CWE-208"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "InSTEDD",
"product": {
"product_data": [
{
"product_name": "Nuntium",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217002",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217002"
},
{
"url": "https://vuldb.com/?ctiid.217002",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217002"
},
{
"url": "https://github.com/instedd/nuntium/commit/77236f7fd71a0e2eefeea07f9866b069d612cf0d",
"refsource": "MISC",
"name": "https://github.com/instedd/nuntium/commit/77236f7fd71a0e2eefeea07f9866b069d612cf0d"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}