admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-20 19:00:47 +00:00
parent 3ae7dd6412
commit a6a3c61faa
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
21 changed files with 458 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/21xxx/CVE-2020-21405.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/helloworldxp/TVBoxBugs/blob/master/H96_Pro_Plus_SmartTV_Vulnerability",
"refsource": "MISC",
"name": "https://github.com/helloworldxp/TVBoxBugs/blob/master/H96_Pro_Plus_SmartTV_Vulnerability"
}
]
}

56
2020/21xxx/CVE-2020-21406.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/helloworldxp/TVBoxBugs/blob/master/RK_MAX_V88_SmartTV_Vulnerability",
"refsource": "MISC",
"name": "https://github.com/helloworldxp/TVBoxBugs/blob/master/RK_MAX_V88_SmartTV_Vulnerability"
}
]
}

5
2021/28xxx/CVE-2021-28544.json
View File

@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-2af658b090",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213345",
"url": "https://support.apple.com/kb/HT213345"
}
]
},

93
2021/36xxx/CVE-2021-36849.json
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-06-16T15:39:00.000Z",
"ID": "CVE-2021-36849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Social Media Share Buttons | MashShare (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.8.1",
"version_value": "3.8.1"
}
]
}
}
]
},
"vendor_name": "Ren\u00e9 Hermenau"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ren\u00e9 Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/mashsharer/wordpress-social-media-share-buttons-plugin-3-8-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/mashsharer/wordpress-social-media-share-buttons-plugin-3-8-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
{
"name": "https://wordpress.org/plugins/mashsharer/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/mashsharer/#developers"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

5
2021/4xxx/CVE-2021-4136.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2021/4xxx/CVE-2021-4166.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2021/4xxx/CVE-2021-4173.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2021/4xxx/CVE-2021-4187.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2021/4xxx/CVE-2021-4192.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2021/4xxx/CVE-2021-4193.json
View File

@ -114,6 +114,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2022/0xxx/CVE-2022-0128.json
View File

@ -104,6 +104,11 @@
"refsource": "FULLDISC",
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2022/0xxx/CVE-2022-0156.json
View File

@ -104,6 +104,11 @@
"refsource": "FULLDISC",
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213344",
"url": "https://support.apple.com/kb/HT213344"
}
]
},

5
2022/0xxx/CVE-2022-0158.json
View File

@ -104,6 +104,11 @@
"refsource": "FULLDISC",
"name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
"url": "http://seclists.org/fulldisclosure/2022/Mar/29"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213344",
"url": "https://support.apple.com/kb/HT213344"
}
]
},

5
2022/24xxx/CVE-2022-24070.json
View File

@ -94,6 +94,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-2af658b090",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213345",
"url": "https://support.apple.com/kb/HT213345"
}
]
},

5
2022/26xxx/CVE-2022-26704.json
View File

@ -49,6 +49,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213257",
"name": "https://support.apple.com/en-us/HT213257"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213343",
"url": "https://support.apple.com/kb/HT213343"
}
]
},

5
2022/26xxx/CVE-2022-26768.json
View File

@ -97,6 +97,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213257",
"name": "https://support.apple.com/en-us/HT213257"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213346",
"url": "https://support.apple.com/kb/HT213346"
}
]
},

10
2022/26xxx/CVE-2022-26981.json
View File

@ -61,6 +61,16 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-81110193e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L/"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213340",
"url": "https://support.apple.com/kb/HT213340"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213345",
"url": "https://support.apple.com/kb/HT213345"
}
]
}

5
2022/29xxx/CVE-2022-29046.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617",
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213345",
"url": "https://support.apple.com/kb/HT213345"
}
]
}

5
2022/29xxx/CVE-2022-29048.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2075",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2075",
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213345",
"url": "https://support.apple.com/kb/HT213345"
}
]
}

99
2022/29xxx/CVE-2022-29454.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-01-18T13:40:00.000Z",
"ID": "CVE-2022-29454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Messages (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.9.148",
"version_value": "1.9.9.148"
}
]
}
}
]
},
"vendor_name": "WordPlus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Roldan Brandon (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/bp-better-messages/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/bp-better-messages/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-9-148-cross-site-request-forgery-csrf-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-9-148-cross-site-request-forgery-csrf-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.9.9.149 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/29xxx/CVE-2022-29923.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-05-12T12:59:00.000Z",
"ID": "CVE-2022-29923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quick Restaurant Reservations (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.4.1",
"version_value": "1.4.1"
}
]
}
}
]
},
"vendor_name": "ThingsForRestaurants"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by BEE-K (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/quick-restaurant-reservations/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/quick-restaurant-reservations/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.4.2 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}