admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-02 21:00:36 +00:00
parent aa3b68d8c8
commit ef57dcba10
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 219 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/30xxx/CVE-2021-30860.json
View File

@ -142,6 +142,11 @@
"refsource": "FULLDISC",
"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
"url": "http://seclists.org/fulldisclosure/2021/Sep/50"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
}
]
},

2
2022/31xxx/CVE-2022-31152.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room.\n\nIn versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround."
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround."
}
]
},

61
2022/36xxx/CVE-2022-36638.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/",
"refsource": "MISC",
"name": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/"
},
{
"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html"
}
]
}

61
2022/36xxx/CVE-2022-36639.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/",
"refsource": "MISC",
"name": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/"
},
{
"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html"
}
]
}

81
2022/36xxx/CVE-2022-36640.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://influxdata.com",
"refsource": "MISC",
"name": "http://influxdata.com"
},
{
"url": "http://influxdb.com",
"refsource": "MISC",
"name": "http://influxdb.com"
},
{
"url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx",
"refsource": "MISC",
"name": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx"
},
{
"url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb",
"refsource": "MISC",
"name": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb"
},
{
"url": "https://portal.influxdata.com/downloads/",
"refsource": "MISC",
"name": "https://portal.influxdata.com/downloads/"
},
{
"url": "https://www.influxdata.com/",
"refsource": "MISC",
"name": "https://www.influxdata.com/"
}
]
}

5
2022/38xxx/CVE-2022-38171.json
View File

@ -90,6 +90,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6",
"url": "https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
}
]
},

5
2022/38xxx/CVE-2022-38784.json
View File

@ -80,6 +80,11 @@
"name": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52",
"refsource": "CONFIRM",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/11"
}
]
},

18
2022/3xxx/CVE-2022-3101.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}