admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-07 16:00:33 +00:00
parent c19172c5aa
commit e50aad1028
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
31 changed files with 244 additions and 383 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2022/22xxx/CVE-2022-22503.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Gain Access"
"value": "n/a"
}
]
}
@ -70,18 +70,18 @@
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "21.0.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "IBM"
"vendor_name": "n/a"
}
]
}

17
2022/27xxx/CVE-2022-27810.json
View File

@ -9,26 +9,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "0.12.0"
},
{
"version_affected": "<",
"version_value": "0.12.0"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -50,7 +45,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-674: Uncontrolled Recursion"
"value": "n/a"
}
]
}
@ -65,4 +60,4 @@
}
]
}
}
}

9
2022/2xxx/CVE-2022-2637.json
View File

@ -12,19 +12,18 @@
"product": {
"product_data": [
{
"product_name": "Hitachi Storage Plug-in for VMware vCenter",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "04.8.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Hitachi"
"vendor_name": "n/a"
}
]
}
@ -65,7 +64,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment"
"value": "n/a"
}
]
}

31
2022/2xxx/CVE-2022-2781.json
View File

@ -11,42 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "3.2.10",
"version_affected": ">="
},
{
"version_value": "2022.1.3154",
"version_affected": "<"
},
{
"version_value": "2022.2.6729",
"version_affected": ">="
},
{
"version_value": "2022.2.7897",
"version_affected": "<"
},
{
"version_value": "2022.3.348",
"version_affected": ">="
},
{
"version_value": "2022.3.10586",
"version_affected": "<"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -57,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Encryption"
"value": "n/a"
}
]
}

31
2022/2xxx/CVE-2022-2783.json
View File

@ -11,42 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "3.12.0",
"version_affected": ">="
},
{
"version_value": "2022.1.3154",
"version_affected": "<"
},
{
"version_value": "2022.2.6729",
"version_affected": ">="
},
{
"version_value": "2022.2.7897",
"version_affected": "<"
},
{
"version_value": "2022.3.348",
"version_affected": ">="
},
{
"version_value": "2022.3.10586",
"version_affected": "<"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -57,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CSRF"
"value": "n/a"
}
]
}

13
2022/2xxx/CVE-2022-2928.json
View File

@ -16,23 +16,18 @@
"product": {
"product_data": [
{
"product_name": "ISC DHCP",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_name": "4.4",
"version_value": "4.4.0 through versions before 4.4.3-P1"
},
{
"version_name": "4.1 ESV",
"version_value": "4.1-ESV-R1 through versions before 4.1-ESV-R16-P1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name": "n/a"
}
]
}
@ -79,7 +74,7 @@
"description": [
{
"lang": "eng",
"value": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option's refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1"
"value": "n/a"
}
]
}

13
2022/2xxx/CVE-2022-2929.json
View File

@ -16,23 +16,18 @@
"product": {
"product_data": [
{
"product_name": "ISC DHCP",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_name": "1.0",
"version_value": "1.0 through versions before 4.1-ESV-R16-P2"
},
{
"version_name": "4.2",
"version_value": "4.2 through versions before 4.4.3.-P1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name": "n/a"
}
]
}
@ -79,7 +74,7 @@
"description": [
{
"lang": "eng",
"value": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1"
"value": "n/a"
}
]
}

15
2022/2xxx/CVE-2022-2975.json
View File

@ -12,25 +12,18 @@
"product": {
"product_data": [
{
"product_name": "Avaya Aura Application Enablement Services",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.1.x",
"version_value": "10.1.0.1"
},
{
"version_affected": "<=",
"version_name": "8.x",
"version_value": "8.1.3.4"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Avaya"
"vendor_name": "n/a"
}
]
}
@ -71,7 +64,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"value": "n/a"
}
]
}

10
2022/2xxx/CVE-2022-2986.json
View File

@ -11,21 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "moodle",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "moodle 4.0.3 and moodle 3.11.9"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CSRF"
"value": "n/a"
}
]
}

14
2022/31xxx/CVE-2022-31008.json
View File

@ -12,24 +12,18 @@
"product": {
"product_data": [
{
"product_name": "rabbitmq-server",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 3.8.32"
},
{
"version_value": ">= 3.9.0, < 3.9.18"
},
{
"version_value": ">= 3.10.0, < 3.10.2"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "rabbitmq"
"vendor_name": "n/a"
}
]
}
@ -67,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
"value": "n/a"
}
]
}

53
2022/31xxx/CVE-2022-31252.json
View File

@ -13,63 +13,18 @@
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "permissions",
"version_value": "20170707"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "permissions",
"version_value": "20200127"
}
]
}
},
{
"product_name": "openSUSE Leap 15.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "permissions",
"version_value": "20201225"
}
]
}
},
{
"product_name": "openSUSE Leap Micro 5.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "permissions",
"version_value": "20181225"
}
]
}
}
]
},
"vendor_name": "openSUSE"
"vendor_name": "n/a"
}
]
}
@ -116,7 +71,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
"value": "n/a"
}
]
}

15
2022/32xxx/CVE-2022-32171.json
View File

@ -10,26 +10,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "zinc",
"product": {
"product_data": [
{
"product_name": "zinc",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "v0.1.9",
"version_affected": ">="
},
{
"version_value": "v0.3.1",
"version_affected": "<="
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -90,7 +85,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}

15
2022/32xxx/CVE-2022-32172.json
View File

@ -10,26 +10,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "zinc",
"product": {
"product_data": [
{
"product_name": "zinc",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "v0.1.9",
"version_affected": ">="
},
{
"version_value": "v0.3.1",
"version_affected": "<="
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -90,7 +85,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}

18
2022/36xxx/CVE-2022-36774.json
View File

@ -4,8 +4,8 @@
{
"description": [
{
"value": "File Manipulation",
"lang": "eng"
"lang": "eng",
"value": "n/a"
}
]
}
@ -35,24 +35,18 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
"version_value": "n/a"
}
]
},
"product_name": "Robotic Process Automation"
}
}
]
},
"vendor_name": "IBM"
"vendor_name": "n/a"
}
]
}

25
2022/37xxx/CVE-2022-37888.json
View File

@ -11,36 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below"
},
{
"version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below"
},
{
"version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below"
},
{
"version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below"
},
{
"version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
},
{
"version_value": "ArubaOS 10.3.x: 10.3.1.0 and below"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -51,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Vulnerability"
"value": "n/a"
}
]
}

23
2022/38xxx/CVE-2022-38709.json
View File

@ -4,8 +4,8 @@
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
"lang": "eng",
"value": "n/a"
}
]
}
@ -31,30 +31,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "21.0.0"
},
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
},
{
"version_value": "21.0.3"
"version_value": "n/a"
}
]
},
"product_name": "Robotic Process Automation"
}
}
]
}
},
"vendor_name": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39222.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "dex",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 2.35.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "dexidp"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39237.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "sif",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 2.8.1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "sylabs"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39244.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "pjproject",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 2.13"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "pjsip"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
"value": "n/a"
}
]
}

10
2022/39xxx/CVE-2022-39265.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "mybb",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 1.8.31"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "mybb"
"vendor_name": "n/a"
}
]
}
@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "MyBB is a free and open source forum software. The _Mail Settings_ Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
"value": "MyBB is a free and open source forum software. The _Mail Settings_ \u2192 Additional Parameters for PHP's mail() function mail_parameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The vulnerable module requires Admin CP access with the `_Can manage settings?_` permission and may depend on configured file permissions. MyBB 1.8.31 resolves this issue with the commit `0cd318136a`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39269.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "pjproject",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": ">= 2.11, < 2.13"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "pjsip"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39270.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "DiscoTOC",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 2.1.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "discourse"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39273.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "flyteadmin",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 1.1.44"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "flyteorg"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39274.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "LoRaMac-node",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 4.7.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Lora-net"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
"value": "n/a"
}
]
}

26
2022/39xxx/CVE-2022-39275.json
View File

@ -12,36 +12,18 @@
"product": {
"product_data": [
{
"product_name": "saleor",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": ">= 2.0.0, < 3.1.24"
},
{
"version_value": ">= 3.2.0, < 3.2.14"
},
{
"version_value": ">= 3.3.0, < 3.3.26"
},
{
"version_value": ">= 3.4.0, < 3.4.24"
},
{
"version_value": ">= 3.5.0, < 3.5.23"
},
{
"version_value": ">= 3.6.0, < 3.6.18"
},
{
"version_value": ">= 3.7.0, < 3.7.17"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "saleor"
"vendor_name": "n/a"
}
]
}
@ -79,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39279.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "discourse-chat",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 0.9"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "discourse"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39280.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "dparse",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 0.5.2"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "pyupio"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
"value": "n/a"
}
]
}

8
2022/39xxx/CVE-2022-39284.json
View File

@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "CodeIgniter4",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 4.2.7"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "codeigniter4"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-665: Improper Initialization"
"value": "n/a"
}
]
}

165
2022/3xxx/CVE-2022-3002.json
View File

@ -1,89 +1,88 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3002",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yetiforcecompany/yetiforcecrm",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3002",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
},
"vendor_name": "yetiforcecompany"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5"
},
{
"name": "https://github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248",
"refsource": "MISC",
"url": "https://github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248"
}
]
},
"source": {
"advisory": "d213d7ea-fe92-40b2-a1f9-2ba32dec50f5",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5"
},
{
"name": "https://github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248",
"refsource": "MISC",
"url": "https://github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248"
}
]
},
"source": {
"advisory": "d213d7ea-fe92-40b2-a1f9-2ba32dec50f5",
"discovery": "EXTERNAL"
}
}

18
2022/3xxx/CVE-2022-3427.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/3xxx/CVE-2022-3428.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}