"-Synchronized-Data."

CVE Team 2022-07-08 19:00:48 +00:00
parent 9a12cbea75
commit f393079bf3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 178 additions and 6 deletions


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -61,6 +61,21 @@
"url": "https://www.integrityline.com/",
"refsource": "MISC",
"name": "https://www.integrityline.com/"
},
{
"refsource": "MISC",
"name": "https://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt",
"url": "https://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/Jul/1",
"url": "https://seclists.org/fulldisclosure/2022/Jul/1"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html",
"url": "https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.webswing.org/docs/20.1/faq/client_ip.html",
"refsource": "MISC",
"name": "https://www.webswing.org/docs/20.1/faq/client_ip.html"
},
{
"refsource": "MISC",
"name": "https://www.webswing.org/blog/header-injection-vulnerability-cve-2022-34914",
"url": "https://www.webswing.org/blog/header-injection-vulnerability-cve-2022-34914"
}
]
}
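Review bot: The `affects` block in this record carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though the description names Webswing and the fixed releases 20.1.16, 20.2.19, 21.1.8, 21.2.12 and 22.1.3, so tooling that matches on the structured fields will not associate the entry with the product. `problemtype` is likewise `"n/a"`, which leaves the record without a weakness class to filter on. I would populate them from the description, e.g. `"product_name": "Webswing"` with `"version_value": "before 22.1.3"`. The new CVE-2022-35411 record further down uses the same `n/a` placeholders for rpc.py.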


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the \"serializer: pickle\" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30",
"refsource": "MISC",
"name": "https://medium.com/@elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30"
},
{
"url": "https://github.com/ehtec/rpcpy-exploit",
"refsource": "MISC",
"name": "https://github.com/ehtec/rpcpy-exploit"
},
{
"url": "https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd",
"refsource": "MISC",
"name": "https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd"
}
]
}
}
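Review bot: All three entries in `reference_data` use `"refsource": "MISC"` with `name` equal to the URL, so nothing in the record separates the upstream rpc.py commit from the write-up and the exploit repository. If that commit is the fix (it appears to be, but the description only says "through 0.6.0" and names no fixed version), mark it so a reader triaging the entry can find the patch, e.g. `"refsource": "CONFIRM"` or a descriptive `"name": "upstream fix commit"` on that entry. The description would also be more useful for patch management if it stated the first fixed release once one is available.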