From 0d41f58e815b597acf894bdfb7c72d1e4b2d580f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 19 Apr 2022 17:01:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/39xxx/CVE-2021-39033.json | 192 ++++++++++++++++----------------- 2021/39xxx/CVE-2021-39072.json | 176 +++++++++++++++--------------- 2021/39xxx/CVE-2021-39076.json | 178 +++++++++++++++--------------- 2021/39xxx/CVE-2021-39078.json | 176 +++++++++++++++--------------- 2021/4xxx/CVE-2021-4039.json | 5 + 2022/0xxx/CVE-2022-0995.json | 5 + 2022/1xxx/CVE-2022-1011.json | 5 + 2022/25xxx/CVE-2022-25648.json | 17 +-- 2022/27xxx/CVE-2022-27055.json | 66 ++++++++++-- 2022/27xxx/CVE-2022-27104.json | 66 ++++++++++-- 2022/29xxx/CVE-2022-29072.json | 5 + 11 files changed, 511 insertions(+), 380 deletions(-) diff --git a/2021/39xxx/CVE-2021-39033.json b/2021/39xxx/CVE-2021-39033.json index a847da12032..625e0fdc9ae 100644 --- a/2021/39xxx/CVE-2021-39033.json +++ b/2021/39xxx/CVE-2021-39033.json @@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "UI" : "N", - "SCORE" : "4.300", - "PR" : "L", - "S" : "U", - "I" : "N", - "A" : "N", - "C" : "L", - "AC" : "L", - "AV" : "N" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2022-04-18T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-39033", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.1.0" - }, - { - "version_value" : "6.0.3.5" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213963." } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6573049", - "title" : "IBM Security Bulletin 6573049 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6573049" - }, - { - "name" : "ibm-sterling-cve202139033-info-disc (213963)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213963" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "UI": "N", + "SCORE": "4.300", + "PR": "L", + "S": "U", + "I": "N", + "A": "N", + "C": "L", + "AC": "L", + "AV": "N" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2022-04-18T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-39033", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.1.0" + }, + { + "version_value": "6.0.3.5" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6573049", + "title": "IBM Security Bulletin 6573049 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6573049" + }, + { + "name": "ibm-sterling-cve202139033-info-disc (213963)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213963" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39072.json b/2021/39xxx/CVE-2021-39072.json index 4de8954d3fd..504d130facf 100644 --- a/2021/39xxx/CVE-2021-39072.json +++ b/2021/39xxx/CVE-2021-39072.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6573005 (Security Guardium)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6573005", - "name" : "https://www.ibm.com/support/pages/node/6573005" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/215581", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-guardium-cve202139072-info-disc (215581)" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581." - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-04-18T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-39072" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "C" : "H", - "AC" : "H", - "AV" : "N", - "A" : "N", - "I" : "N", - "UI" : "N", - "PR" : "N", - "SCORE" : "5.900", - "S" : "U" - } - } - } -} + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6573005 (Security Guardium)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6573005", + "name": "https://www.ibm.com/support/pages/node/6573005" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215581", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-guardium-cve202139072-info-disc (215581)" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581." + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-04-18T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-39072" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "C": "H", + "AC": "H", + "AV": "N", + "A": "N", + "I": "N", + "UI": "N", + "PR": "N", + "SCORE": "5.900", + "S": "U" + } + } + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39076.json b/2021/39xxx/CVE-2021-39076.json index 4a2694e2454..b5f9a0f7b96 100644 --- a/2021/39xxx/CVE-2021-39076.json +++ b/2021/39xxx/CVE-2021-39076.json @@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6572979", - "url" : "https://www.ibm.com/support/pages/node/6572979", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6572979 (Security Guardium)" - }, - { - "name" : "ibm-guardium-cve202139076-info-disc (215585)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/215585", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6572979", + "url": "https://www.ibm.com/support/pages/node/6572979", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6572979 (Security Guardium)" + }, + { + "name": "ibm-guardium-cve202139076-info-disc (215585)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215585", + "refsource": "XF" } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "C" : "L", - "AC" : "H", - "A" : "N", - "I" : "N", - "S" : "U", - "PR" : "N", - "SCORE" : "3.700", - "UI" : "N" - } - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-39076", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-04-18T00:00:00", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.", - "lang" : "eng" - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "N", + "C": "L", + "AC": "H", + "A": "N", + "I": "N", + "S": "U", + "PR": "N", + "SCORE": "3.700", + "UI": "N" + } + } + }, + "CVE_data_meta": { + "ID": "CVE-2021-39076", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-04-18T00:00:00", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39078.json b/2021/39xxx/CVE-2021-39078.json index d62f12d8e26..e1f205cc524 100644 --- a/2021/39xxx/CVE-2021-39078.json +++ b/2021/39xxx/CVE-2021-39078.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - } - ] - }, - "product_name" : "Security Guardium" - } - ] - } - } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6572983", - "title" : "IBM Security Bulletin 6572983 (Security Guardium)", - "name" : "https://www.ibm.com/support/pages/node/6572983" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/215589", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-guardium-cve202139078-info-disc (215589)" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.5" + } + ] + }, + "product_name": "Security Guardium" + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-39078", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-04-18T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "AV" : "L", - "C" : "H", - "AC" : "H", - "S" : "U", - "SCORE" : "4.100", - "PR" : "H", - "UI" : "N", - "I" : "N" - } - } - }, - "data_type" : "CVE" -} + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6572983", + "title": "IBM Security Bulletin 6572983 (Security Guardium)", + "name": "https://www.ibm.com/support/pages/node/6572983" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215589", + "title": "X-Force Vulnerability Report", + "name": "ibm-guardium-cve202139078-info-disc (215589)" + } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-39078", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-04-18T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "A": "N", + "AV": "L", + "C": "H", + "AC": "H", + "S": "U", + "SCORE": "4.100", + "PR": "H", + "UI": "N", + "I": "N" + } + } + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4039.json b/2021/4xxx/CVE-2021-4039.json index 125325e79cc..2001b38b646 100644 --- a/2021/4xxx/CVE-2021-4039.json +++ b/2021/4xxx/CVE-2021-4039.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml", "url": "https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166752/Zyxel-NWA-1100-NH-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/166752/Zyxel-NWA-1100-NH-Command-Injection.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0995.json b/2022/0xxx/CVE-2022-0995.json index 74a96aa5913..abea1b72272 100644 --- a/2022/0xxx/CVE-2022-0995.json +++ b/2022/0xxx/CVE-2022-0995.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html", + "url": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html" } ] }, diff --git a/2022/1xxx/CVE-2022-1011.json b/2022/1xxx/CVE-2022-1011.json index cbb4ef54582..2b5c6454358 100644 --- a/2022/1xxx/CVE-2022-1011.json +++ b/2022/1xxx/CVE-2022-1011.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-de4474b89d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html", + "url": "http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html" } ] }, diff --git a/2022/25xxx/CVE-2022-25648.json b/2022/25xxx/CVE-2022-25648.json index 44b6a1b443e..4fab96c33eb 100644 --- a/2022/25xxx/CVE-2022-25648.json +++ b/2022/25xxx/CVE-2022-25648.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270", + "name": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0" + "refsource": "MISC", + "url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0", + "name": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ruby-git/ruby-git/pull/569" + "refsource": "MISC", + "url": "https://github.com/ruby-git/ruby-git/pull/569", + "name": "https://github.com/ruby-git/ruby-git/pull/569" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.\r\n\r\n\r\n" + "value": "The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection." } ] }, diff --git a/2022/27xxx/CVE-2022-27055.json b/2022/27xxx/CVE-2022-27055.json index 8a37de2138f..d7ac10aacb3 100644 --- a/2022/27xxx/CVE-2022-27055.json +++ b/2022/27xxx/CVE-2022-27055.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ecjia/ecjia-daojia/issues/20", + "refsource": "MISC", + "name": "https://github.com/ecjia/ecjia-daojia/issues/20" + }, + { + "refsource": "MISC", + "name": "https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ff789/content/apps/installer/classes/Controllers/IndexController.php#L74-L78", + "url": "https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ff789/content/apps/installer/classes/Controllers/IndexController.php#L74-L78" + }, + { + "refsource": "MISC", + "name": "https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ff789/content/apps/installer/classes/Helper.php#L312-L318", + "url": "https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ff789/content/apps/installer/classes/Helper.php#L312-L318" } ] } diff --git a/2022/27xxx/CVE-2022-27104.json b/2022/27xxx/CVE-2022-27104.json index 4f0db9a04ff..7b50a9a4678 100644 --- a/2022/27xxx/CVE-2022-27104.json +++ b/2022/27xxx/CVE-2022-27104.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27104", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.swascan.com/it/security-blog/", + "refsource": "MISC", + "name": "https://www.swascan.com/it/security-blog/" + }, + { + "url": "https://www.formalms.org/download.html", + "refsource": "MISC", + "name": "https://www.formalms.org/download.html" + }, + { + "refsource": "MISC", + "name": "https://www.swascan.com/security-advisory-forma-lms/", + "url": "https://www.swascan.com/security-advisory-forma-lms/" } ] } diff --git a/2022/29xxx/CVE-2022-29072.json b/2022/29xxx/CVE-2022-29072.json index 1e5b12536b2..a3f1c33c44b 100644 --- a/2022/29xxx/CVE-2022-29072.json +++ b/2022/29xxx/CVE-2022-29072.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://news.ycombinator.com/item?id=31070256", "url": "https://news.ycombinator.com/item?id=31070256" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166763/7-Zip-21.07-Code-Execution-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/166763/7-Zip-21.07-Code-Execution-Privilege-Escalation.html" } ] }