"-Synchronized-Data."

CVE Team 2022-11-04 00:01:16 +00:00
parent 938bf44381
commit b142266655
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 180 additions and 175 deletions


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40276",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Zettlr",
"version": {
"version_data": [
{
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Zettlr",
"version": {
"version_data": [
{
"version_value": "2.3.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Zettlr/Zettlr",
"refsource": "MISC",
"name": "https://github.com/Zettlr/Zettlr",
"url": "https://github.com/Zettlr/Zettlr"
"name": "https://github.com/Zettlr/Zettlr"
},
{
"url": "https://fluidattacks.com/advisories/avicii/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/avicii/",
"url": "https://fluidattacks.com/advisories/avicii/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them."
"name": "https://fluidattacks.com/advisories/avicii/"
}
]
}
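Review bot: The `affects` block that carries `"version_affected": "="` next to `"version_value": "2.3.0"` pins this record to exactly one release, and `"vendor_name": "n/a"` is kept even though the references name the upstream project. The +/- markers are lost on this page, so reading that block as the new side is inferred from the added `version_affected` key. A scanner that matches on vendor, product and version will flag only that exact version, so neighbouring releases go unreported unless the advisory really is limited to it. If the linked advisory gives a range or a fixed version the entry should carry it, and the vendor should be filled in, e.g. `"vendor_name": "Zettlr"`. The same applies to the other four records in this commit (CVE-2022-41713, CVE-2022-42745, CVE-2022-42750, CVE-2022-42753).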


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41713",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "deep-object-diff",
"version": {
"version_data": [
{
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "deep-object-diff",
"version": {
"version_data": [
{
"version_value": "1.1.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fluidattacks.com/advisories/heldens/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/heldens/",
"url": "https://fluidattacks.com/advisories/heldens/"
"name": "https://fluidattacks.com/advisories/heldens/"
},
{
"url": "https://github.com/mattphillips/deep-object-diff",
"refsource": "MISC",
"name": "https://github.com/mattphillips/deep-object-diff",
"url": "https://github.com/mattphillips/deep-object-diff"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited."
"name": "https://github.com/mattphillips/deep-object-diff"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42745",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://candidats.net/",
"refsource": "MISC",
"name": "https://candidats.net/",
"url": "https://candidats.net/"
"name": "https://candidats.net/"
},
{
"url": "https://fluidattacks.com/advisories/jcole/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/jcole/",
"url": "https://fluidattacks.com/advisories/jcole/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE."
"name": "https://fluidattacks.com/advisories/jcole/"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42750",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CandidATS",
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://candidats.net/",
"refsource": "MISC",
"name": "https://candidats.net/",
"url": "https://candidats.net/"
"name": "https://candidats.net/"
},
{
"url": "https://fluidattacks.com/advisories/castles/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/castles/",
"url": "https://fluidattacks.com/advisories/castles/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user."
"name": "https://fluidattacks.com/advisories/castles/"
}
]
}
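Review bot: The description for CVE-2022-42750 states the impact (cookie theft) and a cause (uploaded files are not validated correctly) but never names the weakness class, unlike the SalonERP record in this same commit, which says XSS outright. The `problemtype` block falls between the two hunks and is not shown, so from this page a triager cannot tell whether the record classifies this as script injection through an uploaded file or something else. If that is what the advisory describes, the text should say so, for example by ending the sentence with `..., which leads to stored XSS.`, so defenders can map it to upload content-type checks, output encoding and HttpOnly cookies.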


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42753",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SalonERP",
"version": {
"version_data": [
{
"version_value": "3.0.2"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,25 +27,41 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SalonERP",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://salonerp.sourceforge.io/",
"refsource": "MISC",
"name": "https://salonerp.sourceforge.io/",
"url": "https://salonerp.sourceforge.io/"
"name": "https://salonerp.sourceforge.io/"
},
{
"url": "https://fluidattacks.com/advisories/hardway/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/hardway/",
"url": "https://fluidattacks.com/advisories/hardway/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks."
"name": "https://fluidattacks.com/advisories/hardway/"
}
]
}