diff --git a/2022/25xxx/CVE-2022-25357.json b/2022/25xxx/CVE-2022-25357.json index 7e6e713fb5a..12457f3eda0 100644 --- a/2022/25xxx/CVE-2022-25357.json +++ b/2022/25xxx/CVE-2022-25357.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25357", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25357", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-25357", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-25357" } ] } diff --git a/2022/26xxx/CVE-2022-26654.json b/2022/26xxx/CVE-2022-26654.json index 309d5cf7c92..cfe6f7fe184 100644 --- a/2022/26xxx/CVE-2022-26654.json +++ b/2022/26xxx/CVE-2022-26654.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26654", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26654", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26654", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26654" } ] } diff --git a/2022/26xxx/CVE-2022-26655.json b/2022/26xxx/CVE-2022-26655.json index 0b8c02e1821..24cbe487bc5 100644 --- a/2022/26xxx/CVE-2022-26655.json +++ b/2022/26xxx/CVE-2022-26655.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26655", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26655", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26655" } ] } diff --git a/2022/26xxx/CVE-2022-26656.json b/2022/26xxx/CVE-2022-26656.json index 21a6869a22e..c136f7ef9e6 100644 --- a/2022/26xxx/CVE-2022-26656.json +++ b/2022/26xxx/CVE-2022-26656.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26656", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26656", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26656", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26656" } ] } diff --git a/2022/26xxx/CVE-2022-26657.json b/2022/26xxx/CVE-2022-26657.json index 8cd60e76a7f..1ab4d6c28a1 100644 --- a/2022/26xxx/CVE-2022-26657.json +++ b/2022/26xxx/CVE-2022-26657.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26657", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26657", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.pexip.com/admin/security_bulletins.htm", + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm" } ] } diff --git a/2022/27xxx/CVE-2022-27928.json b/2022/27xxx/CVE-2022-27928.json index 89d3b6246d6..57c433c66df 100644 --- a/2022/27xxx/CVE-2022-27928.json +++ b/2022/27xxx/CVE-2022-27928.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27928", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27928", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27928" } ] } diff --git a/2022/27xxx/CVE-2022-27929.json b/2022/27xxx/CVE-2022-27929.json index 95590f6f22a..8926562267e 100644 --- a/2022/27xxx/CVE-2022-27929.json +++ b/2022/27xxx/CVE-2022-27929.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27929", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27929", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27929", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27929" } ] } diff --git a/2022/27xxx/CVE-2022-27930.json b/2022/27xxx/CVE-2022-27930.json index 77cd9e424d6..f1980140636 100644 --- a/2022/27xxx/CVE-2022-27930.json +++ b/2022/27xxx/CVE-2022-27930.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27930", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27930", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27930", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27930" } ] } diff --git a/2022/27xxx/CVE-2022-27931.json b/2022/27xxx/CVE-2022-27931.json index 6e6a90cf7d3..db192abad9c 100644 --- a/2022/27xxx/CVE-2022-27931.json +++ b/2022/27xxx/CVE-2022-27931.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27931", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27931", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27931", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27931" } ] } diff --git a/2022/27xxx/CVE-2022-27932.json b/2022/27xxx/CVE-2022-27932.json index 37c3e09d654..2cbc56f653d 100644 --- a/2022/27xxx/CVE-2022-27932.json +++ b/2022/27xxx/CVE-2022-27932.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27932", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27932", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27932", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27932" } ] } diff --git a/2022/27xxx/CVE-2022-27933.json b/2022/27xxx/CVE-2022-27933.json index effa4c50b41..96e7036070d 100644 --- a/2022/27xxx/CVE-2022-27933.json +++ b/2022/27xxx/CVE-2022-27933.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27933", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27933", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27933", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27933" } ] } diff --git a/2022/27xxx/CVE-2022-27934.json b/2022/27xxx/CVE-2022-27934.json index 1ddfc9ac547..7b8f6495581 100644 --- a/2022/27xxx/CVE-2022-27934.json +++ b/2022/27xxx/CVE-2022-27934.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27934", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27934", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27934", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27934" } ] } diff --git a/2022/27xxx/CVE-2022-27935.json b/2022/27xxx/CVE-2022-27935.json index 4f4101556cb..78b13eb4362 100644 --- a/2022/27xxx/CVE-2022-27935.json +++ b/2022/27xxx/CVE-2022-27935.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27935", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27935", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27935", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27935" } ] } diff --git a/2022/27xxx/CVE-2022-27936.json b/2022/27xxx/CVE-2022-27936.json index 98e68c93325..a268d09277b 100644 --- a/2022/27xxx/CVE-2022-27936.json +++ b/2022/27xxx/CVE-2022-27936.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27936", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27936", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27936", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27936" } ] } diff --git a/2022/27xxx/CVE-2022-27937.json b/2022/27xxx/CVE-2022-27937.json index 7f5b01601cb..3d7cb78ec3f 100644 --- a/2022/27xxx/CVE-2022-27937.json +++ b/2022/27xxx/CVE-2022-27937.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27937", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27937", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27937", + "url": "https://docs.pexip.com/admin/security_bulletins.htm#CVE-2022-27937" } ] } diff --git a/2022/30xxx/CVE-2022-30622.json b/2022/30xxx/CVE-2022-30622.json index 84a09454459..7057ae2542a 100644 --- a/2022/30xxx/CVE-2022-30622.json +++ b/2022/30xxx/CVE-2022-30622.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-07-13T11:59:00.000Z", "ID": "CVE-2022-30622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Chcnav - P5E GNSS Information disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chcnav - P5E GNSS ", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "4.1", + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "Chcnav" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "MetaData" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "name": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ] + }, + "source": { + "defect": [ + "ILVN-2022-0032" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file