"-Synchronized-Data."

CVE Team 2022-05-10 21:02:19 +00:00
parent c65221ad72
commit b55d263791
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
29 changed files with 4155 additions and 3558 deletions


@ -91,6 +91,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163164/SAP-XMII-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/163164/SAP-XMII-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163164/SAP-XMII-Remote-Code-Execution.html" "url": "http://packetstormsecurity.com/files/163164/SAP-XMII-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-39738", "ID": "CVE-2021-39738",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-11 Android-12 Android-12L"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/aaos/2022-05-01",
"url": "https://source.android.com/security/bulletin/aaos/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509"
} }
] ]
} }
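Review bot: The new `description_data` value runs the sentence text straight into the trailing metadata with no separators (`exploitation.Product: AndroidVersions: Android-10 … Android-12LAndroid ID: A-216190509`), so anything that tokenizes the text sees `Android-12LAndroid` instead of a version and an ID. The same fusion appears in the CVE-2022-20117 through CVE-2022-20121 sections. `version_value` also packs four releases into one space-separated string; one `version_data` entry per release (`{"version_value": "Android-10"}` and so on) would let scanners match on it. The text carries typos that are best fixed at the assigner (`CarSetings`, `there is a possible to pair`).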


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-0866", "ID": "CVE-2022-0866",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Wildfly",
"version": {
"version_data": [
{
"version_value": "JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled."
} }
] ]
} }
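Review bot: The affected range is expressed only as prose: `version_value` holds the sentence `JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.` under a single `product_name` of `Wildfly`, so tooling that matches on product and version cannot tell which builds are affected, and no fixed version is recorded. Separate `product_data` entries for JBoss EAP and WildFly, each with its own version bounds, would make the record usable for matching. `problemtype` carries the bare ID `CWE-863`; writing it as `CWE-863: Incorrect Authorization` makes it readable without a lookup.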


@ -4,15 +4,97 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-1417", "ID": "CVE-2022-1417",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@gitlab.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=8.12, <14.8.6"
},
{
"version_value": ">=8.13, <14.9.4"
},
{
"version_value": ">=8.14, <14.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/297282",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/297282",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1075586",
"url": "https://hackerone.com/reports/1075586",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1417.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1417.json",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all versions starting from 8.14 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [shells3c](https://hackerone.com/shells3c) for reporting this vulnerability through our HackerOne bug bounty program"
} }
] ]
} }
}
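Review bot: The three `version_value` ranges overlap: `>=8.14, <14.10.1` contains both 14.8.6 and 14.9.4, and `>=8.13, <14.9.4` contains 14.8.6, which are the releases the other entries mark as fixed, so a consumer that ORs the ranges will report patched installs as affected. The per-branch form used in the CVE-2022-1431 section would be `>=14.9, <14.9.4` and `>=14.10, <14.10.1`; the description repeats the same bounds, so this probably needs confirming with the assigner before it is changed. In `impact.cvss`, `vectorString` lacks the `CVSS:3.1/` prefix, and `baseScore` 4.2 does not look like what the v3.1 formula gives for this vector (4.3 by my calculation). The CVE-2022-1431 section has the same two CVSS issues.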


@ -4,15 +4,97 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-1431", "ID": "CVE-2022-1431",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@gitlab.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.10, <14.8.6"
},
{
"version_value": ">=14.9, <14.9.4"
},
{
"version_value": ">=14.10, <14.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/262724",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/262724",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/996850",
"url": "https://hackerone.com/reports/996850",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1431.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1431.json",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption."
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [iwis](https://hackerone.com/iwis) for reporting this vulnerability through our HackerOne bug bounty program"
} }
] ]
} }
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20117", "ID": "CVE-2022-20117",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A"
} }
] ]
} }
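Review bot: The record moves to `PUBLIC` with unfilled template placeholders in the description (`In (TBD) of (TBD), there is a possible way to decrypt local data …`), so the affected component is never named. Together with a `version_value` of `Android kernel` and a `vendor_name` of `n/a`, this leaves nothing a scanner or an analyst can match against a device build; triage has to fall back to the bulletin URL in `reference_data`. If the component is not yet known, replacing the placeholders with an explicit statement that it is unspecified would read better than `(TBD)`.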


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20118", "ID": "CVE-2022-20118",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A"
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20119", "ID": "CVE-2022-20119",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A"
} }
] ]
} }


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20120", "ID": "CVE-2022-20120",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A"
} }
] ]
} }
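Review bot: The published `description_data` value contains no vulnerability description at all, only the trailing metadata `Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A`. The only statement of impact is the `problemtype` value `Remote code execution`, which makes this the most severe-sounding record in the batch and the one with the least detail to triage on. A one-sentence description naming the component and the flaw class, matching the other Android entries in this commit, is needed before consumers can prioritize it.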


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20121", "ID": "CVE-2022-20121",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-05-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-05-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A"
} }
] ]
} }


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21972"
} }
] ]
}, },


@ -93,7 +93,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978"
} }
] ]
}, },


@ -265,7 +265,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22011"
} }
] ]
}, },


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22012"
} }
] ]
}, },


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22013" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22013",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22013"
} }
] ]
}, },


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22014" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22014",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22014"
} }
] ]
}, },


@ -303,7 +303,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22015"
} }
] ]
}, },


@ -260,7 +260,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22016"
} }
] ]
}, },


@ -93,7 +93,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22017"
} }
] ]
}, },


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22019"
} }
] ]
}, },


@ -83,7 +83,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22713"
} }
] ]
}, },


@ -103,7 +103,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267"
} }
] ]
}, },


@ -305,7 +305,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23270"
} }
] ]
}, },


@ -213,7 +213,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23279"
} }
] ]
}, },


@ -155,7 +155,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24466"
} }
] ]
}, },


@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated", "name": "https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated",
"url": "https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated" "url": "https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated"
},
{
"refsource": "MISC",
"name": "https://www.nu11secur1ty.com/2022/05/cve-2022-28079.html",
"url": "https://www.nu11secur1ty.com/2022/05/cve-2022-28079.html"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-28601",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-28601",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Two-Factor Authentication (2FA) bypass vulnerability in \"Simple 2FA Plugin for Moodle\" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle",
"refsource": "MISC",
"name": "https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle"
},
{
"refsource": "MISC",
"name": "https://github.com/FlaviuPopescu/CVE-2022-28601",
"url": "https://github.com/FlaviuPopescu/CVE-2022-28601"
} }
] ]
} }