admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-27 17:00:32 +00:00
parent bd3edb4028
commit fac2f31508
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 539 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2022/24xxx/CVE-2022-24669.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@forgerock.com",
"DATE_PUBLIC": "2022-10-20T15:33:00.000Z",
"ID": "CVE-2022-24669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Anonymous users can register / de-register for configuration change notifications"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Management",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.5.5"
},
{
"version_affected": "<",
"version_value": "7.1.2"
},
{
"version_affected": "<",
"version_value": "7.2.0"
}
]
}
}
]
},
"vendor_name": "ForgeRock"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://backstage.forgerock.com/knowledge/kb/article/a90639318",
"name": "https://backstage.forgerock.com/knowledge/kb/article/a90639318"
},
{
"refsource": "MISC",
"url": "https://backstage.forgerock.com/downloads/browse/am/featured",
"name": "https://backstage.forgerock.com/downloads/browse/am/featured"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the latest versions."
}
],
"source": {
"advisory": "202204",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENAM-18367",
"(not",
"public)"
],
"discovery": "EXTERNAL"
}
}

106
2022/24xxx/CVE-2022-24670.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@forgerock.com",
"DATE_PUBLIC": "2022-10-20T15:33:00.000Z",
"ID": "CVE-2022-24670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Any user can run unrestricted LDAP queries against a configuration endpoint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Management",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.5.5"
},
{
"version_affected": "<",
"version_value": "7.1.2"
},
{
"version_affected": "<",
"version_value": "7.2.0"
}
]
}
}
]
},
"vendor_name": "ForgeRock"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker can use the unrestricted LDAP queries to determine configuration entries"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://backstage.forgerock.com/knowledge/kb/article/a90639318",
"name": "https://backstage.forgerock.com/knowledge/kb/article/a90639318"
},
{
"refsource": "MISC",
"url": "https://backstage.forgerock.com/downloads/browse/am/featured",
"name": "https://backstage.forgerock.com/downloads/browse/am/featured"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the latest versions."
}
],
"source": {
"advisory": "202204",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENAM-18368",
"(not",
"public)"
],
"discovery": "EXTERNAL"
}
}

10
2022/3xxx/CVE-2022-3527.json
View File

@ -1,12 +1,12 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3527",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -15,4 +15,4 @@
}
]
}
}
}

10
2022/3xxx/CVE-2022-3528.json
View File

@ -1,12 +1,12 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3528",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -15,4 +15,4 @@
}
]
}
}
}

10
2022/3xxx/CVE-2022-3529.json
View File

@ -1,12 +1,12 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3529",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -15,4 +15,4 @@
}
]
}
}
}

10
2022/3xxx/CVE-2022-3530.json
View File

@ -1,12 +1,12 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3530",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -15,4 +15,4 @@
}
]
}
}
}

10
2022/3xxx/CVE-2022-3593.json
View File

@ -1,12 +1,12 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-3593",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -15,4 +15,4 @@
}
]
}
}
}

84
2022/3xxx/CVE-2022-3725.json
View File

@ -4,15 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=3.6.0, <3.6.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2022-07.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2022-07.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18378",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18378",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Qiuhao Li of Zoom Video Communications, Inc."
}
]
}

71
2022/40xxx/CVE-2022-40183.json
View File

@ -4,15 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"TITLE": "Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "VIDEOJET multi 4000",
"version": {
"version_data": [
{
"version_value": "6.31.0010",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user."
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

71
2022/40xxx/CVE-2022-40184.json
View File

@ -4,15 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"TITLE": "Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "VIDEOJET multi 4000",
"version": {
"version_data": [
{
"version_value": "6.31.0010",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option."
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

104
2022/41xxx/CVE-2022-41996.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-20T14:08:00.000Z",
"ID": "CVE-2022-41996",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avada (premium WordPress theme)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 7.8.1",
"version_value": "7.8.1"
}
]
}
}
]
},
"vendor_name": "ThemeFusion"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Dave Jong (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"name": "https://theme-fusion.com/documentation-assets/avada/changelog.txt",
"refsource": "CONFIRM",
"url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt"
},
{
"name": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226",
"refsource": "CONFIRM",
"url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 7.8.2 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}