diff --git a/2020/27xxx/CVE-2020-27836.json b/2020/27xxx/CVE-2020-27836.json index e6ea5d09b4f..987d4be95d5 100644 --- a/2020/27xxx/CVE-2020-27836.json +++ b/2020/27xxx/CVE-2020-27836.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "cluster-ingress-operator", + "version": { + "version_data": [ + { + "version_value": "Fixed in ose-cluster-ingress-operator-container-v4.6.0-202012161211.p0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 - Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1906267", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906267" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905490", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905490" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2020-27836", + "url": "https://access.redhat.com/security/cve/CVE-2020-27836" + }, + { + "refsource": "MISC", + "name": "https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729", + "url": "https://github.com/openshift/cluster-ingress-operator/pull/507/commits/92c83f281ba5fb6a1d91ecc3beaa4bcf2647a729" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.." } ] } diff --git a/2021/36xxx/CVE-2021-36847.json b/2021/36xxx/CVE-2021-36847.json index 1aa58d88499..d8b2148a9c8 100644 --- a/2021/36xxx/CVE-2021-36847.json +++ b/2021/36xxx/CVE-2021-36847.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-04-15T08:28:00.000Z", "ID": "CVE-2021-36847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Webba Booking plugin <= 4.2.21 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Webba Booking (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 4.2.21", + "version_value": "4.2.21" + } + ] + } + } + ] + }, + "vendor_name": "WebbaPlugins" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-2-21-authenticated-stored-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/webba-booking-lite/wordpress-webba-booking-plugin-4-2-21-authenticated-stored-cross-site-scripting-xss-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/webba-booking-lite/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/webba-booking-lite/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 4.2.22 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36852.json b/2021/36xxx/CVE-2021-36852.json index 85c0f852096..23c40372a27 100644 --- a/2021/36xxx/CVE-2021-36852.json +++ b/2021/36xxx/CVE-2021-36852.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-02T10:11:00.000Z", "ID": "CVE-2021-36852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Hotel Booking", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.10.5", + "version_value": "1.10.5" + } + ] + } + } + ] + }, + "vendor_name": "ThimPress" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-1-10-5-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-1-10-5-cross-site-request-forgery-csrf-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/wp-hotel-booking/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-hotel-booking/#developers" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36857.json b/2021/36xxx/CVE-2021-36857.json index 4a33ba1a63b..8a8ce13e4b3 100644 --- a/2021/36xxx/CVE-2021-36857.json +++ b/2021/36xxx/CVE-2021-36857.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2021-11-08T12:19:00.000Z", "ID": "CVE-2021-36857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Testimonial (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.6.1", + "version_value": "1.6.1" + } + ] + } + } + ] + }, + "vendor_name": "wpshopmart" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/testimonial-builder/wordpress-testimonial-builder-plugin-1-6-1-authenticated-stored-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/testimonial-builder/wordpress-testimonial-builder-plugin-1-6-1-authenticated-stored-cross-site-scripting-xss-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/testimonial-builder/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/testimonial-builder/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 1.6.2 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37289.json b/2021/37xxx/CVE-2021-37289.json index 4d62f0ea356..bea29f705bb 100644 --- a/2021/37xxx/CVE-2021-37289.json +++ b/2021/37xxx/CVE-2021-37289.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37289", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37289", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.planex.co.jp/products/mzk-dp150n/", + "refsource": "MISC", + "name": "http://www.planex.co.jp/products/mzk-dp150n/" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU98291763/", + "url": "https://jvn.jp/en/vu/JVNVU98291763/" + }, + { + "refsource": "MISC", + "name": "https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n", + "url": "https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n" } ] } diff --git a/2021/3xxx/CVE-2021-3442.json b/2021/3xxx/CVE-2021-3442.json index b8d4fcbed10..06a006bda0f 100644 --- a/2021/3xxx/CVE-2021-3442.json +++ b/2021/3xxx/CVE-2021-3442.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift API Management.", + "version": { + "version_data": [ + { + "version_value": "Affects v2.9.1 GA." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 - Improper Input Validation -> CWE-134 - Use of Externally-Controlled Format String" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3442", + "url": "https://access.redhat.com/security/cve/CVE-2021-3442" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality." } ] } diff --git a/2021/3xxx/CVE-2021-3481.json b/2021/3xxx/CVE-2021-3481.json index 9910317841a..0f37ce21619 100644 --- a/2021/3xxx/CVE-2021-3481.json +++ b/2021/3xxx/CVE-2021-3481.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "qt", + "version": { + "version_data": [ + { + "version_value": "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 - Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugreports.qt.io/browse/QTBUG-91507", + "url": "https://bugreports.qt.io/browse/QTBUG-91507" + }, + { + "refsource": "MISC", + "name": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646", + "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3481", + "url": "https://access.redhat.com/security/cve/CVE-2021-3481" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability." } ] } diff --git a/2021/3xxx/CVE-2021-3513.json b/2021/3xxx/CVE-2021-3513.json index 9e3afd89d88..d9fe2782f91 100644 --- a/2021/3xxx/CVE-2021-3513.json +++ b/2021/3xxx/CVE-2021-3513.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "Fixed in keycloak v13.0.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 - Insufficiently Protected Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3513", + "url": "https://access.redhat.com/security/cve/CVE-2021-3513" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality." } ] } diff --git a/2021/3xxx/CVE-2021-3521.json b/2021/3xxx/CVE-2021-3521.json index 1e68fb55b61..b1bb28299b0 100644 --- a/2021/3xxx/CVE-2021-3521.json +++ b/2021/3xxx/CVE-2021-3521.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "RPM", + "version": { + "version_data": [ + { + "version_value": "Fixed in rpm-4.18.0-beta1, rpm-4.18.0-alpha2, rpm-4.18.0-alpha1 ." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347 - Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3521", + "url": "https://access.redhat.com/security/cve/CVE-2021-3521" + }, + { + "refsource": "MISC", + "name": "https://github.com/rpm-software-management/rpm/pull/1795/", + "url": "https://github.com/rpm-software-management/rpm/pull/1795/" + }, + { + "refsource": "MISC", + "name": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8", + "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources." } ] } diff --git a/2021/3xxx/CVE-2021-3586.json b/2021/3xxx/CVE-2021-3586.json index 785d45b1006..5e666850701 100644 --- a/2021/3xxx/CVE-2021-3586.json +++ b/2021/3xxx/CVE-2021-3586.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "servicemesh-operator", + "version": { + "version_data": [ + { + "version_value": "Affects v2.0.5.1, Fixed in v2.0.5.2." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1188 - Insecure Default Initialization of Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1967738", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967738" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3586", + "url": "https://access.redhat.com/security/cve/CVE-2021-3586" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] } diff --git a/2021/3xxx/CVE-2021-3590.json b/2021/3xxx/CVE-2021-3590.json index 793c8d97207..31f12526a82 100644 --- a/2021/3xxx/CVE-2021-3590.json +++ b/2021/3xxx/CVE-2021-3590.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_value": "Affects foreman-1.6.0 onwards" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969258" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3590", + "url": "https://access.redhat.com/security/cve/CVE-2021-3590" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] } diff --git a/2021/3xxx/CVE-2021-3639.json b/2021/3xxx/CVE-2021-3639.json index 174e7c380cc..f16260c0b3f 100644 --- a/2021/3xxx/CVE-2021-3639.json +++ b/2021/3xxx/CVE-2021-3639.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "mod_auth_mellon", + "version": { + "version_data": [ + { + "version_value": "Fixed in v0.18.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3639", + "url": "https://access.redhat.com/security/cve/CVE-2021-3639" + }, + { + "refsource": "MISC", + "name": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5", + "url": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity." } ] } diff --git a/2021/3xxx/CVE-2021-3659.json b/2021/3xxx/CVE-2021-3659.json index 38df9650424..b06742c012d 100644 --- a/2021/3xxx/CVE-2021-3659.json +++ b/2021/3xxx/CVE-2021-3659.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Fixed in Kernel 5.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-252 - Unchecked Return Value, CWE-476 - NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975949", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975949" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3659", + "url": "https://access.redhat.com/security/cve/CVE-2021-3659" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability." } ] } diff --git a/2022/2xxx/CVE-2022-2873.json b/2022/2xxx/CVE-2022-2873.json index dd658810071..e5266decb85 100644 --- a/2022/2xxx/CVE-2022-2873.json +++ b/2022/2xxx/CVE-2022-2873.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 5.19-rc8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-131" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/", + "url": "https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds memory access flaw was found in the Linux kernel Intel\u2019s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system." } ] } diff --git a/2022/2xxx/CVE-2022-2934.json b/2022/2xxx/CVE-2022-2934.json new file mode 100644 index 00000000000..6162243fa7a --- /dev/null +++ b/2022/2xxx/CVE-2022-2934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2935.json b/2022/2xxx/CVE-2022-2935.json new file mode 100644 index 00000000000..266d267059a --- /dev/null +++ b/2022/2xxx/CVE-2022-2935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2936.json b/2022/2xxx/CVE-2022-2936.json new file mode 100644 index 00000000000..4db1747bbfb --- /dev/null +++ b/2022/2xxx/CVE-2022-2936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2937.json b/2022/2xxx/CVE-2022-2937.json new file mode 100644 index 00000000000..bbd734187a0 --- /dev/null +++ b/2022/2xxx/CVE-2022-2937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2938.json b/2022/2xxx/CVE-2022-2938.json new file mode 100644 index 00000000000..490a50658c6 --- /dev/null +++ b/2022/2xxx/CVE-2022-2938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2939.json b/2022/2xxx/CVE-2022-2939.json new file mode 100644 index 00000000000..96efb9c998a --- /dev/null +++ b/2022/2xxx/CVE-2022-2939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2940.json b/2022/2xxx/CVE-2022-2940.json new file mode 100644 index 00000000000..64b3e186f11 --- /dev/null +++ b/2022/2xxx/CVE-2022-2940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2941.json b/2022/2xxx/CVE-2022-2941.json new file mode 100644 index 00000000000..5cc812d4cfe --- /dev/null +++ b/2022/2xxx/CVE-2022-2941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2942.json b/2022/2xxx/CVE-2022-2942.json new file mode 100644 index 00000000000..2e5b936025a --- /dev/null +++ b/2022/2xxx/CVE-2022-2942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2943.json b/2022/2xxx/CVE-2022-2943.json new file mode 100644 index 00000000000..ca39b947cb9 --- /dev/null +++ b/2022/2xxx/CVE-2022-2943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2944.json b/2022/2xxx/CVE-2022-2944.json new file mode 100644 index 00000000000..8c6d38f5986 --- /dev/null +++ b/2022/2xxx/CVE-2022-2944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2945.json b/2022/2xxx/CVE-2022-2945.json new file mode 100644 index 00000000000..561473f1a4f --- /dev/null +++ b/2022/2xxx/CVE-2022-2945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33900.json b/2022/33xxx/CVE-2022-33900.json index db3553ecccf..9735afe70f5 100644 --- a/2022/33xxx/CVE-2022-33900.json +++ b/2022/33xxx/CVE-2022-33900.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-10T11:40:00.000Z", "ID": "CVE-2022-33900", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy Digital Downloads", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 3.0.1", + "version_value": "3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Easy Digital Downloads" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Robert Rowley (Patchstack)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PHP Object Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-0-1-php-object-injection-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/easy-digital-downloads/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/easy-digital-downloads/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 3.0.2 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34149.json b/2022/34xxx/CVE-2022-34149.json index 5f266554629..4216519a04d 100644 --- a/2022/34xxx/CVE-2022-34149.json +++ b/2022/34xxx/CVE-2022-34149.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-02T12:07:00.000Z", "ID": "CVE-2022-34149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP OAuth Server (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 3.0.4", + "version_value": "3.0.4" + } + ] + } + } + ] + }, + "vendor_name": "miniOrange" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/miniorange-oauth-20-server/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/miniorange-oauth-20-server/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 4.0.1 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34347.json b/2022/34xxx/CVE-2022-34347.json index dd672bb979c..92a9709116f 100644 --- a/2022/34xxx/CVE-2022-34347.json +++ b/2022/34xxx/CVE-2022-34347.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-02T11:27:00.000Z", "ID": "CVE-2022-34347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Download Manager (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 3.2.48", + "version_value": "3.2.48" + } + ] + } + } + ] + }, + "vendor_name": "W3 Eden, Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/download-manager/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/download-manager/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 3.2.49 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34770.json b/2022/34xxx/CVE-2022-34770.json index f9259c277a6..3d07306dea7 100644 --- a/2022/34xxx/CVE-2022-34770.json +++ b/2022/34xxx/CVE-2022-34770.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - sensitive information disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API\u2019s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a \u2018tiny URL\u2019 in Tabit\u2019s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "sensitive information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0042" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34771.json b/2022/34xxx/CVE-2022-34771.json index 0e2b9075396..99e6d939e09 100644 --- a/2022/34xxx/CVE-2022-34771.json +++ b/2022/34xxx/CVE-2022-34771.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34771", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - arbitrary SMS send on Tabits behalf" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "arbitrary SMS send on Tabits behalf" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0043" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34772.json b/2022/34xxx/CVE-2022-34772.json index f62707f116c..d3d07c983e4 100644 --- a/2022/34xxx/CVE-2022-34772.json +++ b/2022/34xxx/CVE-2022-34772.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34772", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - password enumeration" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "password enumeration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0044" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34773.json b/2022/34xxx/CVE-2022-34773.json index 64e7bc86686..c7efd5a40a5 100644 --- a/2022/34xxx/CVE-2022-34773.json +++ b/2022/34xxx/CVE-2022-34773.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - HTTP Method manipulation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 \u2013 Injection." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Method manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0045" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34774.json b/2022/34xxx/CVE-2022-34774.json index 339c588c889..c0339627568 100644 --- a/2022/34xxx/CVE-2022-34774.json +++ b/2022/34xxx/CVE-2022-34774.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - Arbitrary account modification" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary account modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0046" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34775.json b/2022/34xxx/CVE-2022-34775.json index c6e4734be32..d390b02552d 100644 --- a/2022/34xxx/CVE-2022-34775.json +++ b/2022/34xxx/CVE-2022-34775.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-17T11:14:00.000Z", "ID": "CVE-2022-34775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - Excessive data exposure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Excessive data exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0047" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34776.json b/2022/34xxx/CVE-2022-34776.json index e2815eb0ff8..960205add65 100644 --- a/2022/34xxx/CVE-2022-34776.json +++ b/2022/34xxx/CVE-2022-34776.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-08-21T11:14:00.000Z", "ID": "CVE-2022-34776", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Tabit - giftcard stealth" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tabit ", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_name": "3.27.0", + "version_value": "3.27.0" + } + ] + } + } + ] + }, + "vendor_name": "Tabit " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Guy Ben Simhon - Noname Security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a 'tiny URL' in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "giftcard stealth" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.27.0." + } + ], + "source": { + "defect": [ + "ILVN-2022-0048" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34857.json b/2022/34xxx/CVE-2022-34857.json index 5f64433a65e..460b4a45e1a 100644 --- a/2022/34xxx/CVE-2022-34857.json +++ b/2022/34xxx/CVE-2022-34857.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-10T12:34:00.000Z", "ID": "CVE-2022-34857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SP Project & Document Manager (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 4.59", + "version_value": "4.59" + } + ] + } + } + ] + }, + "vendor_name": "smartypants" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Vlad Vector (Patchstack)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-59-reflected-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-59-reflected-cross-site-scripting-xss-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/sp-client-document-manager/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/sp-client-document-manager/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 4.62 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34858.json b/2022/34xxx/CVE-2022-34858.json index 9e706868795..35c39698b1e 100644 --- a/2022/34xxx/CVE-2022-34858.json +++ b/2022/34xxx/CVE-2022-34858.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-02T11:48:00.000Z", "ID": "CVE-2022-34858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OAuth 2.0 client for SSO (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.11.3", + "version_value": "1.11.3" + } + ] + } + } + ] + }, + "vendor_name": "miniOrange" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/oauth-client/wordpress-oauth-2-0-client-for-sso-plugin-1-11-3-authentication-bypass-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/oauth-client/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/oauth-client/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 1.11.4 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35654.json b/2022/35xxx/CVE-2022-35654.json index fb03d7548e3..85870147a97 100644 --- a/2022/35xxx/CVE-2022-35654.json +++ b/2022/35xxx/CVE-2022-35654.json @@ -4,14 +4,84 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pega.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pegasystems", + "product": { + "product_data": [ + { + "product_name": "Pega Infinity", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "8.5.4" + }, + { + "version_affected": "<", + "version_value": "8.7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kane Gamble from Blackfoot UK" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Cross-Site Scripting" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "AC": "L", + "PR": "N", + "UI": "R", + "S": "C", + "C": "L", + "I": "L", + "A": "N", + "SCORE": "6.1" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0", + "refsource": "MISC", + "name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter." } ] } diff --git a/2022/35xxx/CVE-2022-35655.json b/2022/35xxx/CVE-2022-35655.json index 62801f49aa3..83a94f213c1 100644 --- a/2022/35xxx/CVE-2022-35655.json +++ b/2022/35xxx/CVE-2022-35655.json @@ -4,14 +4,84 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pega.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pegasystems", + "product": { + "product_data": [ + { + "product_name": "Pega Infinity", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "7.3" + }, + { + "version_affected": "<", + "version_value": "8.7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kane Gamble from Blackfoot UK" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Cross-Site Scripting" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "AC": "L", + "PR": "N", + "UI": "R", + "S": "C", + "C": "L", + "I": "L", + "A": "N", + "SCORE": "6.1" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0", + "refsource": "MISC", + "name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting." } ] } diff --git a/2022/35xxx/CVE-2022-35656.json b/2022/35xxx/CVE-2022-35656.json index f3244d62ee3..5a1f3540f10 100644 --- a/2022/35xxx/CVE-2022-35656.json +++ b/2022/35xxx/CVE-2022-35656.json @@ -4,14 +4,84 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pega.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pegasystems", + "product": { + "product_data": [ + { + "product_name": "Pega Infinity", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "8.3" + }, + { + "version_affected": "<", + "version_value": "8.7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kane Gamble from Blackfoot UK" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "AC": "L", + "PR": "H", + "UI": "R", + "S": "U", + "C": "H", + "I": "H", + "A": "H", + "SCORE": "6.8" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0", + "refsource": "MISC", + "name": "https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly." } ] } diff --git a/2022/36xxx/CVE-2022-36346.json b/2022/36xxx/CVE-2022-36346.json index ff8796978a1..4c36c728273 100644 --- a/2022/36xxx/CVE-2022-36346.json +++ b/2022/36xxx/CVE-2022-36346.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-02T12:21:00.000Z", "ID": "CVE-2022-36346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MaxButtons (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 9.2", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Max Foundry" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities" + }, + { + "name": "https://wordpress.org/plugins/maxbuttons/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/maxbuttons/#developers" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 9.3 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37133.json b/2022/37xxx/CVE-2022-37133.json index 44e00b9f54b..d21c3957e1d 100644 --- a/2022/37xxx/CVE-2022-37133.json +++ b/2022/37xxx/CVE-2022-37133.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37133", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37133", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/doReboot/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/doReboot/readme.md" } ] } diff --git a/2022/37xxx/CVE-2022-37134.json b/2022/37xxx/CVE-2022-37134.json index ef387a3d60d..13c4fda35ba 100644 --- a/2022/37xxx/CVE-2022-37134.json +++ b/2022/37xxx/CVE-2022-37134.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37134", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37134", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/dlink/Dir816/form2Wan_cgi/readme.md" } ] }