admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-23 00:00:38 +00:00
parent f00390513a
commit e210fcb3e9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 188 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/25xxx/CVE-2022-25146.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message."
"value": "The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message."
}
]
},

7
2022/28xxx/CVE-2022-28979.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP v7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field."
"value": "Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget",
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget"
},
{
"refsource": "MISC",
"name": "https://issues.liferay.com/browse/LPE-17381",
"url": "https://issues.liferay.com/browse/LPE-17381"
}
]
}

66
2022/30xxx/CVE-2022-30426.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://acer.com",
"refsource": "MISC",
"name": "http://acer.com"
},
{
"url": "http://altos.com",
"refsource": "MISC",
"name": "http://altos.com"
},
{
"refsource": "MISC",
"name": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md",
"url": "https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md"
}
]
}

7
2022/36xxx/CVE-2022-36642.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands."
"value": "A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability."
}
]
},
@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50996",
"url": "https://www.exploit-db.com/exploits/50996"
},
{
"refsource": "MISC",
"name": "https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis",
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis"
}
]
}

61
2022/38xxx/CVE-2022-38573.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-38573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com",
"refsource": "MISC",
"name": "https://packetstormsecurity.com"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/168133/10-Strike-Network-Inventory-Explorer-9.3-Buffer-Overflow.html",
"url": "https://packetstormsecurity.com/files/168133/10-Strike-Network-Inventory-Explorer-9.3-Buffer-Overflow.html"
}
]
}

5
2022/39xxx/CVE-2022-39207.json
View File

@ -78,6 +78,11 @@
"name": "https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab",
"refsource": "MISC",
"url": "https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab"
},
{
"refsource": "MISC",
"name": "https://blog.sonarsource.com/onedev-remote-code-execution/",
"url": "https://blog.sonarsource.com/onedev-remote-code-execution/"
}
]
},

61
2022/40xxx/CVE-2022-40298.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.crestron.com/Security/Security_Advisories",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}