diff --git a/2022/4xxx/CVE-2022-4637.json b/2022/4xxx/CVE-2022-4637.json
index 5904d7290100..1be52116e38e 100644
--- a/2022/4xxx/CVE-2022-4637.json
+++ b/2022/4xxx/CVE-2022-4637.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4637",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "ep3-bs cross site scripting",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ep3-bs",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in ep3-bs 1.8.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.1 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/tkrebs\/ep3-bs\/issues\/564"
+ },
+ {
+ "url": "https:\/\/github.com\/tkrebs\/ep3-bs\/releases\/tag\/1.8.1"
+ },
+ {
+ "url": "https:\/\/github.com\/tkrebs\/ep3-bs\/commit\/ef49e709c8adecc3a83cdc6164a67162991d2213"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216495"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4638.json b/2022/4xxx/CVE-2022-4638.json
index fb0c0acb3b12..b0be8bdcd0c5 100644
--- a/2022/4xxx/CVE-2022-4638.json
+++ b/2022/4xxx/CVE-2022-4638.json
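Review bot: In CVE-2022-4637.json the added `affects` block sets `"vendor_name": ""`, so a consumer that keys on vendor and product has nothing to match against. A non-empty value, or the literal `"n/a"` that this generator already uses for unknown versions, would make the gap explicit. The same empty field appears in the CVE-2022-4638, CVE-2022-4639, CVE-2022-4641, CVE-2022-4642 and CVE-2022-4643 hunks. Separately, `"baseScore": "3.5"` is a string in every hunk of this diff; emitting a number, `"baseScore": 3.5`, would keep tooling that sorts or thresholds on the score from comparing strings.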
@@ -4,14 +4,105 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4638",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "collective.contact.widget widgets.py title cross site scripting",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "collective.contact.widget",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0"
+ },
+ {
+ "version_value": "1.1"
+ },
+ {
+ "version_value": "1.2"
+ },
+ {
+ "version_value": "1.3"
+ },
+ {
+ "version_value": "1.4"
+ },
+ {
+ "version_value": "1.5"
+ },
+ {
+ "version_value": "1.6"
+ },
+ {
+ "version_value": "1.7"
+ },
+ {
+ "version_value": "1.8"
+ },
+ {
+ "version_value": "1.9"
+ },
+ {
+ "version_value": "1.10"
+ },
+ {
+ "version_value": "1.11"
+ },
+ {
+ "version_value": "1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src\/collective\/contact\/widget\/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/collective\/collective.contact.widget\/commit\/5da36305ca7ed433782be8901c47387406fcda12"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216496"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4639.json b/2022/4xxx/CVE-2022-4639.json
index 4f7fa336a5b2..b0bbed64eb14 100644
--- a/2022/4xxx/CVE-2022-4639.json
+++ b/2022/4xxx/CVE-2022-4639.json
@@ -4,14 +4,72 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4639",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "sslh Packet Dumping probe.c hexdump format string",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sslh",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n\/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119 Memory Corruption -> CWE-134 Format String"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "5.6",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/yrutschle\/sslh\/pull\/353"
+ },
+ {
+ "url": "https:\/\/github.com\/yrutschle\/sslh\/commit\/b19f8a6046b080e4c2e28354a58556bb26040c6f"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216497"
 }
 ]
 }
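Review bot: The description in CVE-2022-4639.json calls the issue "critical", but the `cvss` block in the same hunk carries `"baseScore": "5.6"`, which is in the CVSS 3.1 Medium band (4.0–6.9), so triage that reads the prose and triage that reads the score will disagree. The CVE-2022-4643 hunk has the same mismatch ("declared as critical" against 6.3). This hunk also sets `"version_value": "n\/a"`, leaving the patch commit in `references` as the only machine-usable boundary for affected builds; CVE-2022-4641 and CVE-2022-4642 do the same, the latter even though its description names prod_2022-10-30 as the fixed release. Where upstream has a fixed tag, recording a `version_affected` / `version_value` pair would let scanners match without parsing the description.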
diff --git a/2022/4xxx/CVE-2022-4640.json b/2022/4xxx/CVE-2022-4640.json
index 4568c442e8df..1e558add7335 100644
--- a/2022/4xxx/CVE-2022-4640.json
+++ b/2022/4xxx/CVE-2022-4640.json
@@ -4,14 +4,69 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4640",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "Mingsoft MCMS Article save cross site scripting",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mingsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/gitee.com\/mingSoft\/MCMS\/issues\/I65KI5"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216499"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4641.json b/2022/4xxx/CVE-2022-4641.json
index fee9bd639947..118f2d66b699 100644
--- a/2022/4xxx/CVE-2022-4641.json
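Review bot: The new description in CVE-2022-4640.json says an exploit has been disclosed publicly and recommends upgrading, yet the record names no fixed version and `reference_data` holds only the upstream issue and the VulDB entry, so a defender cannot tell from this record which MCMS release to move to. If no fix exists yet, the description should say so instead of "It is recommended to upgrade the affected component"; if one exists, its release or commit URL belongs in `reference_data`. The `affects` block lists only `"version_value": "5.2.9"`, so whether earlier releases are affected is also left open.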
+++ b/2022/4xxx/CVE-2022-4641.json
@@ -4,14 +4,72 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4641",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "pig-vector LogisticRegression.java LogisticRegression temp file",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pig-vector",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n\/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-377 Insecure Temporary File"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src\/main\/java\/org\/apache\/mahout\/pig\/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "2.5",
+ "vectorString": "CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/tdunning\/pig-vector\/pull\/2"
+ },
+ {
+ "url": "https:\/\/github.com\/tdunning\/pig-vector\/commit\/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216500"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4642.json b/2022/4xxx/CVE-2022-4642.json
index 8864dbb2910f..c2fb362e547b 100644
--- a/2022/4xxx/CVE-2022-4642.json
+++ b/2022/4xxx/CVE-2022-4642.json
@@ -4,14 +4,75 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4642",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "tatoeba2 Profile Name cross site scripting",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tatoeba2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n\/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/issues\/3002"
+ },
+ {
+ "url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/releases\/tag\/prod_2022-10-30"
+ },
+ {
+ "url": "https:\/\/github.com\/Tatoeba\/tatoeba2\/commit\/91110777fc8ddf1b4a2cf4e66e67db69b9700361"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216501"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4643.json b/2022/4xxx/CVE-2022-4643.json
index ba9406657c1a..e4c9b819d3d7 100644
--- a/2022/4xxx/CVE-2022-4643.json
+++ b/2022/4xxx/CVE-2022-4643.json
@@ -4,14 +4,90 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4643",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "TITLE": "docconv pdf_ocr.go ConvertPDFImages os command injection",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "docconv",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.2.1"
+ },
+ {
+ "version_value": "1.3.0"
+ },
+ {
+ "version_value": "1.3.1"
+ },
+ {
+ "version_value": "1.3.2"
+ },
+ {
+ "version_value": "1.3.3"
+ },
+ {
+ "version_value": "1.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in docconv up to 1.3.4. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "6.3",
+ "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https:\/\/github.com\/sajari\/docconv\/pull\/110"
+ },
+ {
+ "url": "https:\/\/github.com\/sajari\/docconv\/releases\/tag\/v1.3.5"
+ },
+ {
+ "url": "https:\/\/github.com\/sajari\/docconv\/commit\/b19021ade3d0b71c89d35cb00eb9e589a121faa5"
+ },
+ {
+ "url": "https:\/\/vuldb.com\/?id.216502"
 }
 ]
 }