From a6a10ee25c6071ae5b229223da895239fcd0a501 Mon Sep 17 00:00:00 2001 From: ghost Date: Mon, 18 Nov 2024 17:22:57 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index 23a07ac297..8cacc91204 100644 --- a/cves.json +++ b/cves.json @@ -1968,6 +1968,7 @@ {"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"} {"ID":"CVE-2022-44290","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44290.yaml"} {"ID":"CVE-2022-44291","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44291.yaml"} +{"ID":"CVE-2022-44356","Info":{"Name":"WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure","Severity":"high","Description":"WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-44356.yaml"} {"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4447.yaml"} {"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44877.yaml"} {"ID":"CVE-2022-44944","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44944.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index eb52165d39..190e30e881 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -ff4fd3e4d95cdb61ef5e419beccc305e +3f148458bd2527afd3ea3d35327028ea