admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-28 14:00:35 +00:00
parent b566c333bf
commit d9a32861cd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 189 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2021/43xxx/CVE-2021-43980.json
View File

@ -54,7 +54,7 @@
"description_data": [
{
"lang": "eng",
"value": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. "
"value": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client."
}
]
},
@ -81,8 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3",
"name": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"
}
]
},

6
2022/22xxx/CVE-2022-22523.json
View File

@ -24,7 +24,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
@ -36,7 +36,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled."
"value": "An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled."
}
]
},

6
2022/28xxx/CVE-2022-28811.json
View File

@ -24,7 +24,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
@ -36,7 +36,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands."
}
]
},

6
2022/28xxx/CVE-2022-28812.json
View File

@ -24,7 +24,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
@ -36,7 +36,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device."
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device."
}
]
},

6
2022/28xxx/CVE-2022-28813.json
View File

@ -24,7 +24,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller Security Enhanced",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
"version": {
"version_data": [
{
@ -36,7 +36,7 @@
}
},
{
"product_name": "UWP 3.0 Monitoring Gateway and Controller EDP version",
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
"version": {
"version_data": [
{
@ -79,7 +79,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.\n"
"value": "In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device."
}
]
},

18
2022/3xxx/CVE-2022-3354.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2022/40xxx/CVE-2022-40082.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cloudwego/hertz/issues/228",
"refsource": "MISC",
"name": "https://github.com/cloudwego/hertz/issues/228"
},
{
"url": "https://github.com/cloudwego/hertz/pull/229",
"refsource": "MISC",
"name": "https://github.com/cloudwego/hertz/pull/229"
}
]
}

56
2022/40xxx/CVE-2022-40083.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/labstack/echo/issues/2259",
"refsource": "MISC",
"name": "https://github.com/labstack/echo/issues/2259"
}
]
}

56
2022/40xxx/CVE-2022-40912.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php",
"refsource": "MISC",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php"
}
]
}