admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-02-11 16:01:22 +00:00
parent 8cadd21abb
commit ea081e4413
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 255 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2020/13xxx/CVE-2020-13668.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.\nThis issue affects:\nDrupal Core\n8.8.x versions prior to 8.8.10;\n8.9.x versions prior to 8.9.6;\n9.0.x versions prior to 9.0.6."
"value": "Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6."
}
]
},
@ -78,4 +78,4 @@
"source": {
"discovery": "UNKNOWN"
}
}
}

4
2020/13xxx/CVE-2020-13669.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. \nThis issue affects:\nDrupal Core\n8.8.x versions prior to 8.8.10.;\n8.9.x versions prior to 8.9.6;\n9.0.x versions prior to 9.0.6."
"value": "Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6."
}
]
},
@ -71,4 +71,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13670.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.\n\nThis issue affects:\nDrupal Core\n8.8.x versions prior to 8.8.10;\n8.9.x versions prior to 8.9.6;\n9.0.x versions prior to 9.0.6."
"value": "Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6."
}
]
},
@ -71,4 +71,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13672.json
View File

@ -51,7 +51,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.\nThis issue affects:\nDrupal Core\n9.1.x versions prior to 9.1.7;\n9.0.x versions prior to 9.0.12;\n8.9.x versions prior to 8.9.14;\n7.x versions prior to 7.80."
"value": "Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80."
}
]
},
@ -76,4 +76,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13673.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.\n\n"
"value": "The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting."
}
]
},
@ -61,4 +61,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13674.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.\n\nSites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the \"access in-place editing\" permission from untrusted users will not fully mitigate the vulnerability.\n\n"
"value": "The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the \"access in-place editing\" permission from untrusted users will not fully mitigate the vulnerability."
}
]
},
@ -71,4 +71,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13676.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.\n\nSites are only affected if the QuickEdit module (which comes with the Standard profile) is installed."
"value": "The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed."
}
]
},
@ -71,4 +71,4 @@
}
]
}
}
}

4
2020/13xxx/CVE-2020-13677.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.\n\nSites that do not have the JSON:API module enabled are not affected."
"value": "Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected."
}
]
},
@ -71,4 +71,4 @@
}
]
}
}
}

66
2020/36xxx/CVE-2020-36062.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/",
"refsource": "MISC",
"name": "https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/"
},
{
"url": "https://phpgurukul.com",
"refsource": "MISC",
"name": "https://phpgurukul.com"
},
{
"refsource": "MISC",
"name": "https://github.com/VivekPanday12/CVE-/issues/3",
"url": "https://github.com/VivekPanday12/CVE-/issues/3"
}
]
}

61
2021/42xxx/CVE-2021-42940.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.projeqtor.org/en/",
"refsource": "MISC",
"name": "https://www.projeqtor.org/en/"
},
{
"refsource": "MISC",
"name": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940",
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
]
}

5
2021/44xxx/CVE-2021-44521.json
View File

@ -92,6 +92,11 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
"name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
}
]
},

61
2021/45xxx/CVE-2021-45385.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rockcarry/ffjpeg/issues/47",
"refsource": "MISC",
"name": "https://github.com/rockcarry/ffjpeg/issues/47"
},
{
"url": "https://github.com/rockcarry/ffjpeg/pull/48",
"refsource": "MISC",
"name": "https://github.com/rockcarry/ffjpeg/pull/48"
}
]
}

5
2022/24xxx/CVE-2022-24112.json
View File

@ -83,6 +83,11 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94",
"name": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220211 CVE-2022-24112: Apache APISIX: apisix/batch-requests plugin allows overwriting the X-REAL-IP header",
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/3"
}
]
},

5
2022/24xxx/CVE-2022-24289.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"name": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220211 CVE-2022-24289: Apache Cayenne: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions",
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/1"
}
]
},

18
2022/24xxx/CVE-2022-24964.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/24xxx/CVE-2022-24965.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/24xxx/CVE-2022-24966.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}