"-Synchronized-Data."

CVE Team 2022-10-17 19:00:40 +00:00
parent c9e37074ed
commit bb44323d60
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 145 additions and 105 deletions


@ -1,83 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32176",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Oct 11, 2022, 12:00:00 AM",
"TITLE" : "Gin-vue-admin - Unrestricted File Upload"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "gin-vue-admin",
"product" : {
"product_data" : [ {
"product_name" : "gin-vue-admin",
"version" : {
"version_data" : [ {
"version_value" : "v2.5.1",
"version_affected" : ">="
}, {
"version_value" : "v2.5.3b",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32176",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Oct 11, 2022, 12:00:00 AM",
"TITLE": "Gin-vue-admin - Unrestricted File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gin-vue-admin",
"product": {
"product_data": [
{
"product_name": "gin-vue-admin",
"version": {
"version_data": [
{
"version_value": "v2.5.1",
"version_affected": ">="
},
{
"version_value": "v2.5.3b",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the \"Compress Upload\" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32176",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32176"
},
{
"refsource": "MISC",
"url": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49",
"name": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the \"Compress Upload\" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 9.0,
"baseSeverity" : "CRITICAL"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32176"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"
} ]
} ]
},
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}
}
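Review bot: The `version_data` array on the new side still encodes the affected range as two independent entries (`">="` with `v2.5.1`, `"<="` with `v2.5.3b`), so a consumer that evaluates each entry on its own matches every release, while the description bounds the range to v2.5.1 through v2.5.3b. Matching tooling should treat the pair as a conjunction or fall back to the description text. The `cvss` object also keeps `"version": 3.1` as a number where the other records in this commit use the string form `"version": "3.1"`, so a strict validator sees two types for the same key. The reference URL pins the tag `v2.5.3beta` while the version entry reads `v2.5.3b`; these presumably name the same release but will not compare equal as strings.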


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools\/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L"
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/bluez.git\/commit\/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e"
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e"
},
{
"url": "https:\/\/vuldb.com\/?id.211086"
"url": "https://vuldb.com/?id.211086",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211086"
}
]
}
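Review bot: The record names the product as Linux Kernel with `"version_value": "n/a"`, but the affected file `tools/mgmt-tester.c` and the first reference both sit in the `bluez.git` repository, so the product attribution looks wrong or at least incomplete. Inventory matching keyed on product name would then flag kernel packages and miss BlueZ userspace packages; this is inferred from the URL path only and should be confirmed against the referenced commit. Separately, `"baseScore": "3.5"` stays a string here and in the four sections that follow, while the gin-vue-admin record in this same commit uses a number; `"baseScore": 3.5` would let severity thresholds compare numerically without per-record coercion.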


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net\/bluetooth\/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087."
"value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "5.5",
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/bluetooth\/bluetooth-next.git\/commit\/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"
},
{
"url": "https:\/\/vuldb.com\/?id.211087"
"url": "https://vuldb.com/?id.211087",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211087"
}
]
}


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers\/isdn\/mISDN\/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088."
"value": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "4.6",
"vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/bluetooth\/bluetooth-next.git\/commit\/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f"
},
{
"url": "https:\/\/vuldb.com\/?id.211088"
"url": "https://vuldb.com/?id.211088",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211088"
}
]
}
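Review bot: The description on the new side places `drivers/isdn/mISDN/l1oip_core.c` in "the component Bluetooth", which does not agree with the path; the label appears to come from the `bluetooth-next.git` tree named in the reference rather than from the subsystem. Triage filtered by component would route this to Bluetooth owners and could skip systems that build mISDN. `del_timer` is also named as the affected function although it is a general kernel timer call, so the affected code is presumably its caller in `l1oip_core.c`, which is worth confirming against the referenced commit before scoping.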


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt\/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "4.6",
"vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57"
},
{
"url": "https:\/\/vuldb.com\/?id.211089"
"url": "https://vuldb.com/?id.211089",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211089"
}
]
}


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops\/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability."
"value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "4.6",
"vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6"
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6"
},
{
"url": "https:\/\/vuldb.com\/?id.211090"
"url": "https://vuldb.com/?id.211090",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211090"
}
]
}