"-Synchronized-Data."

This commit is contained in:
CVE Team 2022-04-07 19:01:37 +00:00
parent a332823165
commit c41d331fae
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
23 changed files with 143 additions and 63 deletions


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running locally with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This \ncan lead to an arbitrary code execution with the privileges of the service."
"value": "In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running locally with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
}
]
},


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://exrick.com",
"refsource": "MISC",
"name": "http://exrick.com"
},
{
"url": "https://github.com/Exrick/xmall",
"refsource": "MISC",
"name": "https://github.com/Exrick/xmall"
},
{
"url": "https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L38",
"refsource": "MISC",
"name": "https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L38"
},
{
"url": "https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L4",
"refsource": "MISC",
"name": "https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L4"
}
]
}
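Review bot: The record moves to PUBLIC but leaves `affects` and `problemtype` as `n/a` (vendor, product, version and CWE), even though the references identify the project and a specific commit, so downstream consumers cannot map this CVE to a product or a weakness class. Consistent with the GitHub references this could read `"vendor_name": "Exrick"`, `"product_name": "xmall"`, and the problemtype value `CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')`; the referenced commit b146cceb21ca42d4237f31dbd7af5ced49048a56 appears to be the only version evidence in the record and could stand in for the version value. The description's "as of 11/7/2021" is ambiguous between 7 July and 7 November, and "via the GET parameter" does not say which parameter; an ISO 8601 date (or the commit hash) and the parameter name, if the linked product-add.jsp lines identify it, would make the entry actionable. The root object's closing brace lies outside the hunk.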


@ -70,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service.\nThis issue affects:\nBitdefender Update Server versions prior to 3.4.0.276.\nBitdefender GravityZone versions prior to 26.4-1.\nBitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171.\nBitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111."
"value": "Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111."
}
]
},
@ -108,8 +108,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144",
"name": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144"
}
]
},
@ -125,4 +126,4 @@
],
"discovery": "EXTERNAL"
}
}
}


@ -278,7 +278,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. "
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
}
]
},
@ -316,8 +316,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download="
}
]
},


@ -316,8 +316,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download="
}
]
},


@ -280,8 +280,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download="
}
]
},


@ -112,8 +112,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download="
}
]
},


@ -340,8 +340,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download="
}
]
},


@ -184,8 +184,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download="
}
]
},


@ -268,8 +268,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17094&token=2fb188e2213c74194e81ba61ff99f1c68602ba4d&download="
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17094&token=2fb188e2213c74194e81ba61ff99f1c68602ba4d&download=",
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17094&token=2fb188e2213c74194e81ba61ff99f1c68602ba4d&download="
}
]
},


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AX56Us update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption."
"value": "ASUS RT-AX56U\u2019s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption."
}
]
},
@ -82,8 +82,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5784-68aa3-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5784-68aa3-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5784-68aa3-1.html"
}
]
},


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AX56Us update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. "
"value": "ASUS RT-AX56U\u2019s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption."
}
]
},
@ -82,8 +82,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5785-cf8db-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5785-cf8db-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5785-cf8db-1.html"
}
]
},


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AX56Us SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database."
"value": "ASUS RT-AX56U\u2019s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database."
}
]
},
@ -82,8 +82,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html"
}
]
},
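Review bot: The retouched description still lacks its main verb — `An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.` — so the impact sentence does not parse; the commit only normalised the apostrophe. Suggest `"value": "ASUS RT-AX56U\u2019s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database."`. The description_data object opens and closes within the hunk, so the fix is confined to this one string.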


@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AX56Us user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service."
"value": "ASUS RT-AX56U\u2019s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service."
}
]
},
@ -82,8 +82,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5787-b0e64-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5787-b0e64-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5787-b0e64-1.html"
}
]
},


@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Microprograms parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information."
"value": "Microprogram\u2019s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information."
}
]
},
@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5973-6b449-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5973-6b449-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5973-6b449-1.html"
}
]
},


@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5792-3f3f5-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5792-3f3f5-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5792-3f3f5-1.html"
}
]
},


@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AC56Us configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service."
"value": "ASUS RT-AC56U\u2019s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service."
}
]
},
@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html"
}
]
},


@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AC86Us LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service."
"value": "ASUS RT-AC86U\u2019s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service."
}
]
},
@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html"
}
]
},


@ -49,7 +49,7 @@
"credit": [
{
"lang": "eng",
"value": "This issue was reported by a member of GitHub Security Lab, Jaroslav Lobačevski (https://github.com/JarLob)."
"value": "This issue was reported by a member of GitHub Security Lab, Jaroslav Loba\u010devski (https://github.com/JarLob)."
}
],
"data_format": "MITRE",
@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows.\n\nThis was addressed in Apache Hadoop 3.2.3"
"value": "In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3"
}
]
},
@ -86,8 +86,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz",
"name": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz"
}
]
},
@ -136,4 +137,4 @@
"value": "Announcement review by the reporter completed."
}
]
}
}


@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html"
}
]
},


@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Taiwan Secom Dr.ID Access Control systems login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
"value": "Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
}
]
},
@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
]
},


@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html"
}
]
},


@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5970-2f405-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5970-2f405-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5970-2f405-1.html"
}
]
},