diff --git a/2020/14xxx/CVE-2020-14127.json b/2020/14xxx/CVE-2020-14127.json index 88fcc7f5008..25993912519 100644 --- a/2020/14xxx/CVE-2020-14127.json +++ b/2020/14xxx/CVE-2020-14127.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-14127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@xiaomi.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Redmi K40 ,Redmi Note10 Pro", + "version": { + "version_data": [ + { + "version_value": "Redmi K40 MIUI<2022.07.01 ,Redmi Note10 Pro MIUI<2022.07.01" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169", + "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service." } ] } diff --git a/2022/1xxx/CVE-2022-1662.json b/2022/1xxx/CVE-2022-1662.json index a2d87dad401..329875f1c42 100644 --- a/2022/1xxx/CVE-2022-1662.json +++ b/2022/1xxx/CVE-2022-1662.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "convert2rhel", + "version": { + "version_data": [ + { + "version_value": "convert2rhel 0.26 Vivi" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2083851", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083851" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel." } ] } diff --git a/2022/28xxx/CVE-2022-28876.json b/2022/28xxx/CVE-2022-28876.json index 5fd85a86b16..daf3e7f2f60 100644 --- a/2022/28xxx/CVE-2022-28876.json +++ b/2022/28xxx/CVE-2022-28876.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2022-28876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Denial-of-Service (DoS) Vulnerability " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All F-Secure & WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Version " + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-Service (DoS) Vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + }, + { + "refsource": "MISC", + "url": "https://www.withsecure.com/en/support/security-advisories", + "name": "https://www.withsecure.com/en/support/security-advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29593.json b/2022/29xxx/CVE-2022-29593.json index e12ca11367c..c7f765381c5 100644 --- a/2022/29xxx/CVE-2022-29593.json +++ b/2022/29xxx/CVE-2022-29593.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29593", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29593", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-29593-authentication-bypass-by-capture-replay-dingtian-dt-r002/" } ] } diff --git a/2022/2xxx/CVE-2022-2393.json b/2022/2xxx/CVE-2022-2393.json index 02b8034d84d..0857b7475e8 100644 --- a/2022/2xxx/CVE-2022-2393.json +++ b/2022/2xxx/CVE-2022-2393.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "pki-core", + "version": { + "version_data": [ + { + "version_value": "pki-core versions 10.12.4 and prior are affected." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content." } ] } diff --git a/2022/32xxx/CVE-2022-32210.json b/2022/32xxx/CVE-2022-32210.json index 749b59c6f4a..79788332e96 100644 --- a/2022/32xxx/CVE-2022-32210.json +++ b/2022/32xxx/CVE-2022-32210.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/undici", + "version": { + "version_data": [ + { + "version_value": "Fixed in version >= v5.5.1. Vulnerable between v4.8.2 and v5.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Certificate Validation (CWE-295)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1583680", + "url": "https://hackerone.com/reports/1583680" + }, + { + "refsource": "MISC", + "name": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33", + "url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server." } ] } diff --git a/2022/32xxx/CVE-2022-32212.json b/2022/32xxx/CVE-2022-32212.json index 8998a522e9a..ee2a7ab07df 100644 --- a/2022/32xxx/CVE-2022-32212.json +++ b/2022/32xxx/CVE-2022-32212.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 14.20.0+, 16.20.0+,18.5.0+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884" + }, + { + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160" + }, + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks." } ] } diff --git a/2022/32xxx/CVE-2022-32213.json b/2022/32xxx/CVE-2022-32213.json index 638cf69a563..2a752bd8631 100644 --- a/2022/32xxx/CVE-2022-32213.json +++ b/2022/32xxx/CVE-2022-32213.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 14.20.0+, 16.20.0+,18.5.0+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Smuggling (CWE-444)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)." } ] } diff --git a/2022/32xxx/CVE-2022-32214.json b/2022/32xxx/CVE-2022-32214.json index d12dc6e26d0..f37aaf5348e 100644 --- a/2022/32xxx/CVE-2022-32214.json +++ b/2022/32xxx/CVE-2022-32214.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 14.20.0+, 16.20.0+,18.5.0+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Smuggling (CWE-444)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1524692", + "url": "https://hackerone.com/reports/1524692" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)." } ] } diff --git a/2022/32xxx/CVE-2022-32215.json b/2022/32xxx/CVE-2022-32215.json index d2f231ebf1f..b6ef271843d 100644 --- a/2022/32xxx/CVE-2022-32215.json +++ b/2022/32xxx/CVE-2022-32215.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32215", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 14.20.0+, 16.20.0+,18.5.0+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Smuggling (CWE-444)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1501679", + "url": "https://hackerone.com/reports/1501679" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)." } ] } diff --git a/2022/32xxx/CVE-2022-32222.json b/2022/32xxx/CVE-2022-32222.json index fa6f9eb7e87..31bbb1475c6 100644 --- a/2022/32xxx/CVE-2022-32222.json +++ b/2022/32xxx/CVE-2022-32222.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Vulnerable between v18.0.0 and 18.4.0. Fixed in v18.5.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues - Generic (CWE-310)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3." } ] } diff --git a/2022/32xxx/CVE-2022-32223.json b/2022/32xxx/CVE-2022-32223.json index ab11f59a9d7..81843b8c5cd 100644 --- a/2022/32xxx/CVE-2022-32223.json +++ b/2022/32xxx/CVE-2022-32223.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 14.20.0+, 16.20.0+, 18.5.0+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Search Path Element (CWE-427)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1447455", + "url": "https://hackerone.com/reports/1447455" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and \u201cC:\\Program Files\\Common Files\\SSL\\openssl.cnf\u201d exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability." } ] } diff --git a/2022/32xxx/CVE-2022-32225.json b/2022/32xxx/CVE-2022-32225.json index c8587998f04..9de67552e32 100644 --- a/2022/32xxx/CVE-2022-32225.json +++ b/2022/32xxx/CVE-2022-32225.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Veeam Management Pack for Microsoft System Center", + "version": { + "version_data": [ + { + "version_value": "8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - DOM (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.veeam.com/kb4338", + "url": "https://www.veeam.com/kb4338" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts." } ] } diff --git a/2022/35xxx/CVE-2022-35864.json b/2022/35xxx/CVE-2022-35864.json new file mode 100644 index 00000000000..6a0a7d6017a --- /dev/null +++ b/2022/35xxx/CVE-2022-35864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35865.json b/2022/35xxx/CVE-2022-35865.json new file mode 100644 index 00000000000..84be4dfcc0a --- /dev/null +++ b/2022/35xxx/CVE-2022-35865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35866.json b/2022/35xxx/CVE-2022-35866.json new file mode 100644 index 00000000000..ac8e7e16c2e --- /dev/null +++ b/2022/35xxx/CVE-2022-35866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35867.json b/2022/35xxx/CVE-2022-35867.json new file mode 100644 index 00000000000..08115787994 --- /dev/null +++ b/2022/35xxx/CVE-2022-35867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file