admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-09 15:01:53 +00:00
parent f4ab4e3e56
commit c92f4a24d5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 211 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2021/40xxx/CVE-2021-40961.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2021/Mar/49",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Mar/49"
},
{
"url": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md",
"refsource": "MISC",
"name": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md"
},
{
"url": "https://packetstormsecurity.com/files/161895/CMS-Made-Simple-2.2.15-SQL-Injection.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/161895/CMS-Made-Simple-2.2.15-SQL-Injection.html"
}
]
}

5
2022/1xxx/CVE-2022-1734.json
View File

@ -53,6 +53,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220605 Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module",
"url": "http://www.openwall.com/lists/oss-security/2022/06/05/4"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220609 Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module",
"url": "http://www.openwall.com/lists/oss-security/2022/06/09/1"
}
]
},

55
2022/1xxx/CVE-2022-1998.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.17-rc3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d"
},
{
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2022/q1/99",
"url": "https://seclists.org/oss-sec/2022/q1/99"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system."
}
]
}

50
2022/23xxx/CVE-2022-23138.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "MF297D",
"version": {
"version_data": [
{
"version_value": "MF297D_Nordic1_B05"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cryptographic issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024624",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024624"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack."
}
]
}

50
2022/2xxx/CVE-2022-2035.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rustici Software SCORM Engine",
"version": {
"version_data": [
{
"version_value": "< 20.1.45.914, 21.1.x < 21.1.7.219"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-21",
"url": "https://www.tenable.com/security/research/tra-2022-21"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser."
}
]
}