admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-18 16:01:42 +00:00
parent 7100e07ffb
commit dfd4e913d2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 555 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
2022/1xxx/CVE-2022-1795.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1795",
"STATE": "PUBLIC",
"TITLE": "Use After Free in gpac/gpac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpac/gpac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.1.0-DEV"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1795",
"STATE": "PUBLIC",
"TITLE": "Use After Free in gpac/gpac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpac/gpac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v2.1.0-DEV"
}
]
}
}
]
},
"vendor_name": "gpac"
}
}
]
},
"vendor_name": "gpac"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc"
},
{
"name": "https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514",
"refsource": "MISC",
"url": "https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514"
}
]
},
"source": {
"advisory": "9c312763-41a6-4fc7-827b-269eb86efcbc",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc"
},
{
"name": "https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514",
"refsource": "MISC",
"url": "https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514"
}
]
},
"source": {
"advisory": "9c312763-41a6-4fc7-827b-269eb86efcbc",
"discovery": "EXTERNAL"
}
}

18
2022/1xxx/CVE-2022-1796.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

129
2022/22xxx/CVE-2022-22784.json
View File

@ -1,18 +1,135 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
"ID": "CVE-2022-22784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper XML Parsing in Zoom Client for Meetings"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for MacOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ivan Fratric of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}

129
2022/22xxx/CVE-2022-22785.json
View File

@ -1,18 +1,135 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
"ID": "CVE-2022-22785",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improperly constrained session cookies in Zoom Client for Meetings"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for MacOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ivan Fratric of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}

96
2022/22xxx/CVE-2022-22786.json
View File

@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
"ID": "CVE-2022-22786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Update package downgrade in Zoom Client for Meetings for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference Room for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.10.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ivan Fratric of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Less Trusted Source"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}

56
2022/28xxx/CVE-2022-28917.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-28917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/NSSCYCTFER/SRC-CVE",
"refsource": "MISC",
"name": "https://github.com/NSSCYCTFER/SRC-CVE"
}
]
}

18
2022/29xxx/CVE-2022-29496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2022/30xxx/CVE-2022-30105.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploitee.rs/index.php/Belkin_N300#Remote_Root",
"refsource": "MISC",
"name": "https://www.exploitee.rs/index.php/Belkin_N300#Remote_Root"
}
]
}