diff --git a/2020/20xxx/CVE-2020-20402.json b/2020/20xxx/CVE-2020-20402.json index 22cf171fdcb..b7b5a72819a 100644 --- a/2020/20xxx/CVE-2020-20402.json +++ b/2020/20xxx/CVE-2020-20402.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20402", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20402", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Westbrookadmin/portfolioCMS/issues/2", + "refsource": "MISC", + "name": "https://github.com/Westbrookadmin/portfolioCMS/issues/2" } ] } diff --git a/2022/24xxx/CVE-2022-24963.json b/2022/24xxx/CVE-2022-24963.json index a6533b6e8e7..fba92a3a5c5 100644 --- a/2022/24xxx/CVE-2022-24963.json +++ b/2022/24xxx/CVE-2022-24963.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-24963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Portable Runtime (APR)", + "version": { + "version_data": [ + { + "version_value": "1.7.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ronald Crane (Zippenhop LLC)" + } + ] } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25147.json b/2022/25xxx/CVE-2022-25147.json index 6bacc752fe6..6b2be38da29 100644 --- a/2022/25xxx/CVE-2022-25147.json +++ b/2022/25xxx/CVE-2022-25147.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Portable Runtime Utility (APR-util)", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ronald Crane (Zippenhop LLC)" + } + ] } \ No newline at end of file diff --git a/2022/28xxx/CVE-2022-28331.json b/2022/28xxx/CVE-2022-28331.json index caffefe194b..a10394de335 100644 --- a/2022/28xxx/CVE-2022-28331.json +++ b/2022/28xxx/CVE-2022-28331.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-28331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Portable Runtime (APR)", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ronald Crane (Zippenhop LLC)" + } + ] } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45598.json b/2022/45xxx/CVE-2022-45598.json index f574df360ba..2f66f01ebfd 100644 --- a/2022/45xxx/CVE-2022-45598.json +++ b/2022/45xxx/CVE-2022-45598.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45598", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45598", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e", + "refsource": "MISC", + "name": "https://github.com/laurent22/joplin/commit/a2de167b95debad83a0f0c7925a88c0198db812e" + }, + { + "url": "https://github.com/laurent22/joplin/releases/tag/v2.9.17", + "refsource": "MISC", + "name": "https://github.com/laurent22/joplin/releases/tag/v2.9.17" } ] } diff --git a/2022/47xxx/CVE-2022-47035.json b/2022/47xxx/CVE-2022-47035.json index 72932e80d56..5492604986b 100644 --- a/2022/47xxx/CVE-2022-47035.json +++ b/2022/47xxx/CVE-2022-47035.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47035", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47035", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314", + "refsource": "MISC", + "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10314" } ] } diff --git a/2022/47xxx/CVE-2022-47780.json b/2022/47xxx/CVE-2022-47780.json index 827d4ae978e..9649efac4c2 100644 --- a/2022/47xxx/CVE-2022-47780.json +++ b/2022/47xxx/CVE-2022-47780.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47780", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47780", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto", + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto" } ] } diff --git a/2023/0xxx/CVE-2023-0598.json b/2023/0xxx/CVE-2023-0598.json new file mode 100644 index 00000000000..f7b3fd035e8 --- /dev/null +++ b/2023/0xxx/CVE-2023-0598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24162.json b/2023/24xxx/CVE-2023-24162.json index 132b17ee5be..e7a3a6ba79e 100644 --- a/2023/24xxx/CVE-2023-24162.json +++ b/2023/24xxx/CVE-2023-24162.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24162", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24162", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dromara/hutool/issues/2855", + "refsource": "MISC", + "name": "https://github.com/dromara/hutool/issues/2855" + }, + { + "url": "https://gitee.com/dromara/hutool/issues/I6AEX2", + "refsource": "MISC", + "name": "https://gitee.com/dromara/hutool/issues/I6AEX2" } ] } diff --git a/2023/24xxx/CVE-2023-24163.json b/2023/24xxx/CVE-2023-24163.json index 9b95a9f2d43..9b300e65b70 100644 --- a/2023/24xxx/CVE-2023-24163.json +++ b/2023/24xxx/CVE-2023-24163.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24163", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24163", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868", + "refsource": "MISC", + "name": "https://gitee.com/dromara/hutool/issues/I6AJWJ#note_15801868" } ] } diff --git a/2023/24xxx/CVE-2023-24845.json b/2023/24xxx/CVE-2023-24845.json new file mode 100644 index 00000000000..4a7be9a5b29 --- /dev/null +++ b/2023/24xxx/CVE-2023-24845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file