admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-06 12:00:46 +00:00
parent 7f59ebcbb3
commit cf2087ace8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 332 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2022/29xxx/CVE-2022-29858.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Silverstripe silverstripe/assets through 1.10 allows XSS."
"value": "Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content."
}
]
},
@ -71,6 +71,16 @@
"refsource": "MISC",
"name": "https://www.silverstripe.org/download/security-releases/cve-2022-29858",
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"refsource": "MISC",
"name": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/",
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"refsource": "MISC",
"name": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767",
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
]
}

18
2022/2xxx/CVE-2022-2327.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2022/30xxx/CVE-2022-30591.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/lucas-clemente/quic-go/blob/84e03e59760ceee37359688871bb0688fcc4e98f/mtu_discoverer.go",
"refsource": "MISC",
"name": "https://github.com/lucas-clemente/quic-go/blob/84e03e59760ceee37359688871bb0688fcc4e98f/mtu_discoverer.go"
}
]
}

61
2022/32xxx/CVE-2022-32290.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://northern.tech",
"refsource": "MISC",
"name": "https://northern.tech"
},
{
"refsource": "MISC",
"name": "https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces",
"url": "https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces"
}
]
}

61
2022/32xxx/CVE-2022-32383.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/1M18rn2N7GzmBRI770S07IbbzmvX-5IPe/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1M18rn2N7GzmBRI770S07IbbzmvX-5IPe/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf",
"url": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf"
}
]
}

71
2022/32xxx/CVE-2022-32385.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tenda.com",
"refsource": "MISC",
"name": "http://tenda.com"
},
{
"url": "http://ac23.com",
"refsource": "MISC",
"name": "http://ac23.com"
},
{
"url": "https://drive.google.com/file/d/1wyc9CBd3NW2bFbRhGcAaHEYJK1G2a21Y/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1wyc9CBd3NW2bFbRhGcAaHEYJK1G2a21Y/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf",
"url": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf"
}
]
}

71
2022/32xxx/CVE-2022-32386.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tenda.com",
"refsource": "MISC",
"name": "http://tenda.com"
},
{
"url": "http://ac23.com",
"refsource": "MISC",
"name": "http://ac23.com"
},
{
"url": "https://drive.google.com/file/d/1XPTEt10yJt9WcLrIt6YpDV5OlP-U6dBR/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1XPTEt10yJt9WcLrIt6YpDV5OlP-U6dBR/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf",
"url": "https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf"
}
]
}

5
2022/32xxx/CVE-2022-32533.json
View File

@ -78,6 +78,11 @@
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/06/1",
"name": "https://www.openwall.com/lists/oss-security/2022/07/06/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220706 CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues",
"url": "http://www.openwall.com/lists/oss-security/2022/07/06/1"
}
]
},

10
2022/35xxx/CVE-2022-35229.json
View File

@ -52,9 +52,6 @@
"value": "internal research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -97,8 +94,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-21306"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-21306",
"name": "https://support.zabbix.com/browse/ZBX-21306"
}
]
},
@ -117,4 +115,4 @@
"value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the discoveryconf.php page of Zabbix Frontend and contain suspicious parameters with special symbols. If you have clicked on the suspicious link, do not fill out the opened form."
}
]
}
}

10
2022/35xxx/CVE-2022-35230.json
View File

@ -44,9 +44,6 @@
"value": "internal research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -89,8 +86,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-21305"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-21305",
"name": "https://support.zabbix.com/browse/ZBX-21305"
}
]
},
@ -109,4 +107,4 @@
"value": "The vulnerability can be exploited only by authenticated users. If an immediate update is not possible, review user access rights to your Zabbix Frontend, be attentive to browser warnings and always check any links you can receive via email or other means of communication, which lead to the graphs.php page of Zabbix Frontend and contain suspicious parameters with special symbols. If you have clicked on the suspicious link, do not fill out the opened form"
}
]
}
}