"-Synchronized-Data."

CVE Team 2022-05-17 18:02:08 +00:00
parent 3984f21e2d
commit a5cd09765d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 548 additions and 113 deletions


@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0764",
"STATE": "PUBLIC",
"TITLE": "Arbitrary Command Injection in strapi/strapi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "strapi/strapi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0764",
"STATE": "PUBLIC",
"TITLE": "Arbitrary Command Injection in strapi/strapi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "strapi/strapi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.0"
}
]
}
}
]
},
"vendor_name": "strapi"
}
}
]
},
"vendor_name": "strapi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5"
},
{
"name": "https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c",
"refsource": "MISC",
"url": "https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c"
}
]
},
"source": {
"advisory": "001d1c29-805a-4035-93bb-71a0e81da3e5",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5"
},
{
"name": "https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c",
"refsource": "MISC",
"url": "https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c"
},
{
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/issues/12879",
"url": "https://github.com/strapi/strapi/issues/12879"
}
]
},
"source": {
"advisory": "001d1c29-805a-4035-93bb-71a0e81da3e5",
"discovery": "EXTERNAL"
}
}


@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "coreos/ignition",
"version": {
"version_data": [
{
"version_value": "Fixed in coreos/ignition v2.14.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2082274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082274"
},
{
"refsource": "MISC",
"name": "https://github.com/coreos/ignition/issues/1300",
"url": "https://github.com/coreos/ignition/issues/1300"
},
{
"refsource": "MISC",
"name": "https://github.com/coreos/ignition/issues/1315",
"url": "https://github.com/coreos/ignition/issues/1315"
},
{
"refsource": "MISC",
"name": "https://github.com/coreos/ignition/pull/1350",
"url": "https://github.com/coreos/ignition/pull/1350"
},
{
"refsource": "MISC",
"name": "https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea",
"url": "https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config."
}
]
}
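Review bot: The new `version_data` entry for coreos/ignition stores a fix statement, `"version_value": "Fixed in coreos/ignition v2.14.0"`, so the record never states an affected range and tooling that compares versions has nothing to match on. If the advisory supports it, express the range with the fields the strapi record in this commit uses, for example `"version_affected": "<"` with `"version_value": "2.14.0"`, and replace `"vendor_name": "n/a"` with the actual vendor. No `impact` block is visible in this section, so consumers have to take severity from the linked Bugzilla entry.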


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authorization bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}
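Review bot: The added `version_value` packs four release branches into one free-text string, `"6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"`, which a version matcher cannot evaluate; one `version_data` entry per branch would keep each bound separately checkable. `"vendor_name": "n/a"` also hides the vendor, although the product name and the assigner address identify it. The sections for CVE-2022-23671, CVE-2022-23672, CVE-2022-23673 and CVE-2022-23675 repeat the same pattern.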


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authenticated information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authenticated remote command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}
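Review bot: The `problemtype` value `"authenticated remote command injection"` is free text without a CWE identifier, so this record cannot be filtered by weakness class the way the strapi record in this commit can (`"CWE-78 Improper Neutralization of Special Elements used in an OS Command"`). If the vendor advisory confirms OS command execution, a CWE-prefixed value in the same form would fit here. The CVE-2022-23673 section has the same value, and the description in both begins "A authenticated", which should read "An authenticated".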


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authenticated remote command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authenticated stored cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability."
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-24611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://z-wave.com",
"refsource": "MISC",
"name": "http://z-wave.com"
},
{
"refsource": "MISC",
"name": "https://github.com/ITSecLab-HSEL/CVE-2022-24611",
"url": "https://github.com/ITSecLab-HSEL/CVE-2022-24611"
}
]
}
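Review bot: The first added reference, `"url": "http://z-wave.com"`, is a vendor home page served over plain HTTP rather than a document about this issue, which leaves the GitHub repository as the only source of detail. Product, vendor, version and `problemtype` are all `"n/a"` even though the description names Silicon Labs Z-Wave 500 series and a denial of service, so the record will not match in asset inventories or weakness filters. The CVE-2022-30689 section has the same shape: its only reference is the forum root `https://discuss.hashicorp.com`, and the affected range 1.10.0 to 1.10.2 with the fix in 1.10.3 appears only in the description text.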


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html",
"url": "https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html"
},
{
"refsource": "MISC",
"name": "https://raxis.com/blog/cve-2022-24681",
"url": "https://raxis.com/blog/cve-2022-24681"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/Le1a/Tenda-AX1803-Denial-of-service",
"refsource": "MISC",
"name": "https://github.com/Le1a/Tenda-AX1803-Denial-of-service"
},
{
"refsource": "MISC",
"name": "https://github.com/Le1a/CVE-2022-30040",
"url": "https://github.com/Le1a/CVE-2022-30040"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com"
}
]
}


@ -65,6 +65,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}
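Review bot: The added MLIST reference points at `http://www.openwall.com/lists/oss-security/2022/05/17/8` over plain HTTP, while the CONFIRM entry directly above it uses HTTPS. I would write `"url": "https://www.openwall.com/lists/oss-security/2022/05/17/8"` so the advisory link cannot be altered in transit. The four sections that follow add the identical entry and would take the same change.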


@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}


@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}


@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}


@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}