marcruef authored Dec 21, 2022
1 parent 6cd1e15 commit 19fb307
Showing 7 changed files with 481 additions and 21 deletions.
67 changes: 64 additions & 3 deletions 2022/4xxx/CVE-2022-4637.json
Expand Up @@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ep3-bs cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "ep3-bs",
"version": {
"version_data": [
{
"version_value": "1.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in ep3-bs 1.8.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.1 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/issues\/564"
},
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/releases\/tag\/1.8.1"
},
{
"url": "https:\/\/github.com\/tkrebs\/ep3-bs\/commit\/ef49e709c8adecc3a83cdc6164a67162991d2213"
},
{
"url": "https:\/\/vuldb.com\/?id.216495"
}
]
}
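Review bot: `"vendor_name": ""` in the affects block is an empty string, which gives consumers that key on vendor and product nothing to match and, as far as I recall, does not satisfy the minimum-length constraint the CVE JSON 4.0 schema puts on that field. The CVE-2022-4639 record in this commit already writes `"n\/a"` for an unknown value, so `"vendor_name": "n\/a"` would be the consistent choice; the same empty vendor appears in the CVE-2022-4638 and CVE-2022-4639 sections. Separately, `"baseScore": "3.5"` is serialized as a string in all four records, and a numeric `"baseScore": 3.5` would spare severity-threshold tooling a string comparison. The hunk stops before the top-level object closes, so the rest of the file is not visible here.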
97 changes: 94 additions & 3 deletions 2022/4xxx/CVE-2022-4638.json
Expand Up @@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "collective.contact.widget widgets.py title cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "collective.contact.widget",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src\/collective\/contact\/widget\/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/collective\/collective.contact.widget\/commit\/5da36305ca7ed433782be8901c47387406fcda12"
},
{
"url": "https:\/\/vuldb.com\/?id.216496"
}
]
}
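Review bot: The version_data list enumerates thirteen discrete releases (`1.0` through `1.12`) with no `version_affected` qualifier, while the description says "up to 1.12"; any point release that falls between those entries would not be found by an exact-version lookup. A single range entry, `{"version_affected": "<=", "version_value": "1.12"}`, states what the description states. The fix is identified only by commit hash, so naming the first release that contains it (if one exists) would let an operator tell a patched install from an unpatched one.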
64 changes: 61 additions & 3 deletions 2022/4xxx/CVE-2022-4639.json
Expand Up @@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "sslh Packet Dumping probe.c hexdump format string",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "sslh",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-134 Format String"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.6",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/yrutschle\/sslh\/pull\/353"
},
{
"url": "https:\/\/github.com\/yrutschle\/sslh\/commit\/b19f8a6046b080e4c2e28354a58556bb26040c6f"
},
{
"url": "https:\/\/vuldb.com\/?id.216497"
}
]
}
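Review bot: The description calls the issue "critical", but the impact block carries `"baseScore": "5.6"` with `AC:H` and `C:L/I:L/A:L`, which is Medium on the CVSS 3.1 rating scale; tooling that reads the score and analysts who read the text will rank this record differently, so the wording and the vector should be reconciled. `"version_value": "n\/a"` also gives version-based matching nothing to work with, leaving the patch commit in the references as the only usable boundary. Stating the first sslh release that contains that commit would make the entry actionable for inventory checks.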
61 changes: 58 additions & 3 deletions 2022/4xxx/CVE-2022-4640.json
Expand Up @@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Mingsoft MCMS Article save cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mingsoft",
"product": {
"product_data": [
{
"product_name": "MCMS",
"version": {
"version_data": [
{
"version_value": "5.2.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/gitee.com\/mingSoft\/MCMS\/issues\/I65KI5"
},
{
"url": "https:\/\/vuldb.com\/?id.216499"
}
]
}
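Review bot: The description recommends upgrading the affected component, but nothing in the record says what to upgrade to: the only version listed is `5.2.9`, no fixed release is named, and the references hold an issue and the VulDB entry but no patch or release link. The description should either name the fixed release or say that none was known at publication. It also states that the exploit has been disclosed publicly, which the base-only vector does not reflect; if the record format in use allows temporal metrics, an Exploit Code Maturity (`E:`) value would carry that into the score.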