From 22a9bf868dca61684e641a87fdc208a63466c281 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 May 2022 14:01:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/34xxx/CVE-2021-34360.json | 7 +- 2021/4xxx/CVE-2021-4231.json | 208 +++++++++++++++++---------------- 2022/1xxx/CVE-2022-1664.json | 30 +++-- 2022/1xxx/CVE-2022-1895.json | 18 +++ 2022/1xxx/CVE-2022-1896.json | 18 +++ 2022/21xxx/CVE-2022-21500.json | 102 ++++++++-------- 2022/29xxx/CVE-2022-29660.json | 56 ++++++++- 2022/29xxx/CVE-2022-29661.json | 56 ++++++++- 2022/29xxx/CVE-2022-29662.json | 56 ++++++++- 2022/29xxx/CVE-2022-29663.json | 56 ++++++++- 2022/29xxx/CVE-2022-29664.json | 56 ++++++++- 2022/29xxx/CVE-2022-29665.json | 56 ++++++++- 2022/29xxx/CVE-2022-29666.json | 56 ++++++++- 2022/29xxx/CVE-2022-29667.json | 56 ++++++++- 2022/29xxx/CVE-2022-29669.json | 56 ++++++++- 2022/29xxx/CVE-2022-29670.json | 56 ++++++++- 2022/29xxx/CVE-2022-29676.json | 56 ++++++++- 2022/29xxx/CVE-2022-29680.json | 56 ++++++++- 2022/29xxx/CVE-2022-29681.json | 56 ++++++++- 2022/29xxx/CVE-2022-29682.json | 56 ++++++++- 2022/29xxx/CVE-2022-29683.json | 56 ++++++++- 2022/29xxx/CVE-2022-29684.json | 56 ++++++++- 2022/29xxx/CVE-2022-29685.json | 56 ++++++++- 2022/29xxx/CVE-2022-29686.json | 56 ++++++++- 2022/29xxx/CVE-2022-29687.json | 56 ++++++++- 2022/29xxx/CVE-2022-29688.json | 56 ++++++++- 2022/29xxx/CVE-2022-29689.json | 56 ++++++++- 27 files changed, 1267 insertions(+), 292 deletions(-) create mode 100644 2022/1xxx/CVE-2022-1895.json create mode 100644 2022/1xxx/CVE-2022-1896.json diff --git a/2021/34xxx/CVE-2021-34360.json b/2021/34xxx/CVE-2021-34360.json index cc2c31bba60..1241110c56a 100644 --- a/2021/34xxx/CVE-2021-34360.json +++ b/2021/34xxx/CVE-2021-34360.json @@ -57,7 +57,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of Proxy Server:\nQTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later\nQuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later\nQuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later\n" + "value": "A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later" } ] }, @@ -95,8 +95,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/security-advisory/qsa-22-18" + "refsource": "MISC", + "url": "https://www.qnap.com/en/security-advisory/qsa-22-18", + "name": "https://www.qnap.com/en/security-advisory/qsa-22-18" } ] }, diff --git a/2021/4xxx/CVE-2021-4231.json b/2021/4xxx/CVE-2021-4231.json index 42acf636f5c..d76e2773322 100644 --- a/2021/4xxx/CVE-2021-4231.json +++ b/2021/4xxx/CVE-2021-4231.json @@ -1,101 +1,109 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-4231", - "TITLE": "Angular Comment cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "Angular", - "version": { - "version_data": [ - { - "version_value": "11.0.0" - }, - { - "version_value": "11.0.1" - }, - { - "version_value": "11.0.2" - }, - { - "version_value": "11.0.3" - }, - { - "version_value": "11.0.4" - }, - { - "version_value": "11.1.0-next.0" - }, - { - "version_value": "11.1.0-next.1" - }, - { - "version_value": "11.1.0-next.2" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in Angular up to 11.0.4\/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component." - } - ] - }, - "credit": "Mi\u0161ko Hevery", - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/github.com\/angular\/angular\/issues\/40136" - }, - { - "url": "https:\/\/github.com\/angular\/angular\/commit\/ba8da742e3b243e8f43d4c63aa842b44e14f2b09" - }, - { - "url": "https:\/\/security.snyk.io\/vuln\/SNYK-JS-ANGULARCORE-1070902" - }, - { - "url": "https:\/\/vuldb.com\/?id.181356" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4231", + "TITLE": "Angular Comment cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Angular", + "version": { + "version_data": [ + { + "version_value": "11.0.0" + }, + { + "version_value": "11.0.1" + }, + { + "version_value": "11.0.2" + }, + { + "version_value": "11.0.3" + }, + { + "version_value": "11.0.4" + }, + { + "version_value": "11.1.0-next.0" + }, + { + "version_value": "11.1.0-next.1" + }, + { + "version_value": "11.1.0-next.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component." + } + ] + }, + "credit": "Mi\u0161ko Hevery", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/angular/angular/issues/40136", + "refsource": "MISC", + "name": "https://github.com/angular/angular/issues/40136" + }, + { + "url": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09", + "refsource": "MISC", + "name": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09" + }, + { + "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902" + }, + { + "url": "https://vuldb.com/?id.181356", + "refsource": "MISC", + "name": "https://vuldb.com/?id.181356" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1664.json b/2022/1xxx/CVE-2022-1664.json index 3802bcf9472..7ee7f04bba5 100644 --- a/2022/1xxx/CVE-2022-1664.json +++ b/2022/1xxx/CVE-2022-1664.json @@ -75,28 +75,34 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b" + "refsource": "MISC", + "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b", + "name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b" }, { - "refsource": "CONFIRM", - "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5" + "refsource": "MISC", + "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5", + "name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5" }, { - "refsource": "CONFIRM", - "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495" + "refsource": "MISC", + "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495", + "name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495" }, { - "refsource": "CONFIRM", - "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be" + "refsource": "MISC", + "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be", + "name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be" }, { - "refsource": "CONFIRM", - "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html" + "refsource": "MISC", + "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html", + "name": "https://lists.debian.org/debian-security-announce/2022/msg00115.html" }, { - "refsource": "CONFIRM", - "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html" + "refsource": "MISC", + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html", + "name": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html" } ] }, diff --git a/2022/1xxx/CVE-2022-1895.json b/2022/1xxx/CVE-2022-1895.json new file mode 100644 index 00000000000..2c558d26c3b --- /dev/null +++ b/2022/1xxx/CVE-2022-1895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1896.json b/2022/1xxx/CVE-2022-1896.json new file mode 100644 index 00000000000..a0d652565c2 --- /dev/null +++ b/2022/1xxx/CVE-2022-1896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21500.json b/2022/21xxx/CVE-2022-21500.json index 5be3a612e1d..95e17d82db0 100644 --- a/2022/21xxx/CVE-2022-21500.json +++ b/2022/21xxx/CVE-2022-21500.json @@ -7,57 +7,57 @@ "ID": "CVE-2022-21500", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Oracle E-Business Suite", - "version": { - "version_data": [ - { - "version_value": "12.2", - "version_affected": "=" - } - ] - } - } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered.

Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data." - } - ] - } - ] - }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle E-Business Suite", + "version": { + "version_data": [ + { + "version_value": "12.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered.

Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data." + } + ] + } + ] + }, "references": { "reference_data": [ { diff --git a/2022/29xxx/CVE-2022-29660.json b/2022/29xxx/CVE-2022-29660.json index 2ac20710caf..e7bb552057c 100644 --- a/2022/29xxx/CVE-2022-29660.json +++ b/2022/29xxx/CVE-2022-29660.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29660", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29660", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/25#issue-1207649017", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/25#issue-1207649017" } ] } diff --git a/2022/29xxx/CVE-2022-29661.json b/2022/29xxx/CVE-2022-29661.json index 8389f06a5ea..c9a59e2d002 100644 --- a/2022/29xxx/CVE-2022-29661.json +++ b/2022/29xxx/CVE-2022-29661.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29661", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29661", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/21#issue-1207638326", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/21#issue-1207638326" } ] } diff --git a/2022/29xxx/CVE-2022-29662.json b/2022/29xxx/CVE-2022-29662.json index e3f661bc926..ce7681fe003 100644 --- a/2022/29xxx/CVE-2022-29662.json +++ b/2022/29xxx/CVE-2022-29662.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/17#issue-1207624107", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/17#issue-1207624107" } ] } diff --git a/2022/29xxx/CVE-2022-29663.json b/2022/29xxx/CVE-2022-29663.json index 1ba40f18a82..3423132cdde 100644 --- a/2022/29xxx/CVE-2022-29663.json +++ b/2022/29xxx/CVE-2022-29663.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29663", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29663", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/22#issue-1207641519", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/22#issue-1207641519" } ] } diff --git a/2022/29xxx/CVE-2022-29664.json b/2022/29xxx/CVE-2022-29664.json index c7b70c3b640..4096c1c8000 100644 --- a/2022/29xxx/CVE-2022-29664.json +++ b/2022/29xxx/CVE-2022-29664.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29664", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29664", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/23#issue-1207644525", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/23#issue-1207644525" } ] } diff --git a/2022/29xxx/CVE-2022-29665.json b/2022/29xxx/CVE-2022-29665.json index 06208f31bdf..17991ce04f4 100644 --- a/2022/29xxx/CVE-2022-29665.json +++ b/2022/29xxx/CVE-2022-29665.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29665", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29665", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/19#issue-1207631855", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/19#issue-1207631855" } ] } diff --git a/2022/29xxx/CVE-2022-29666.json b/2022/29xxx/CVE-2022-29666.json index e13b1f4dead..2ebf5960ac9 100644 --- a/2022/29xxx/CVE-2022-29666.json +++ b/2022/29xxx/CVE-2022-29666.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29666", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29666", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/24#issue-1207646618", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/24#issue-1207646618" } ] } diff --git a/2022/29xxx/CVE-2022-29667.json b/2022/29xxx/CVE-2022-29667.json index 5646ae0b5fb..930437f9d4f 100644 --- a/2022/29xxx/CVE-2022-29667.json +++ b/2022/29xxx/CVE-2022-29667.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29667", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29667", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/26#issue-1207651726", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/26#issue-1207651726" } ] } diff --git a/2022/29xxx/CVE-2022-29669.json b/2022/29xxx/CVE-2022-29669.json index 81709f802d6..67648ed054b 100644 --- a/2022/29xxx/CVE-2022-29669.json +++ b/2022/29xxx/CVE-2022-29669.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29669", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29669", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/20#issue-1207634969", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/20#issue-1207634969" } ] } diff --git a/2022/29xxx/CVE-2022-29670.json b/2022/29xxx/CVE-2022-29670.json index b2c6155965a..147101b474a 100644 --- a/2022/29xxx/CVE-2022-29670.json +++ b/2022/29xxx/CVE-2022-29670.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29670", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29670", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/21#issue-1207638326", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/21#issue-1207638326" } ] } diff --git a/2022/29xxx/CVE-2022-29676.json b/2022/29xxx/CVE-2022-29676.json index 565a457ddb0..4612eff02fd 100644 --- a/2022/29xxx/CVE-2022-29676.json +++ b/2022/29xxx/CVE-2022-29676.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29676", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29676", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/24#issue-1207646618", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/24#issue-1207646618" } ] } diff --git a/2022/29xxx/CVE-2022-29680.json b/2022/29xxx/CVE-2022-29680.json index 4d41b7a0654..7e0faa338ec 100644 --- a/2022/29xxx/CVE-2022-29680.json +++ b/2022/29xxx/CVE-2022-29680.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/31#issue-1209052957", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/31#issue-1209052957" } ] } diff --git a/2022/29xxx/CVE-2022-29681.json b/2022/29xxx/CVE-2022-29681.json index d6957ec7d6c..8c394248582 100644 --- a/2022/29xxx/CVE-2022-29681.json +++ b/2022/29xxx/CVE-2022-29681.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29681", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29681", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/35#issue-1209058818", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/35#issue-1209058818" } ] } diff --git a/2022/29xxx/CVE-2022-29682.json b/2022/29xxx/CVE-2022-29682.json index 9c39c12b436..99003867430 100644 --- a/2022/29xxx/CVE-2022-29682.json +++ b/2022/29xxx/CVE-2022-29682.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29682", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29682", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/36#issue-1209060196", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/36#issue-1209060196" } ] } diff --git a/2022/29xxx/CVE-2022-29683.json b/2022/29xxx/CVE-2022-29683.json index 25119189118..22c991fcffc 100644 --- a/2022/29xxx/CVE-2022-29683.json +++ b/2022/29xxx/CVE-2022-29683.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29683", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29683", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/34#issue-1209056912", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/34#issue-1209056912" } ] } diff --git a/2022/29xxx/CVE-2022-29684.json b/2022/29xxx/CVE-2022-29684.json index a06676dfca4..da936cf12ca 100644 --- a/2022/29xxx/CVE-2022-29684.json +++ b/2022/29xxx/CVE-2022-29684.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29684", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29684", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/33#issue-1209055493", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/33#issue-1209055493" } ] } diff --git a/2022/29xxx/CVE-2022-29685.json b/2022/29xxx/CVE-2022-29685.json index 25ffb94c819..c3639cce5d1 100644 --- a/2022/29xxx/CVE-2022-29685.json +++ b/2022/29xxx/CVE-2022-29685.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29685", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29685", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/32#issue-1209054307", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/32#issue-1209054307" } ] } diff --git a/2022/29xxx/CVE-2022-29686.json b/2022/29xxx/CVE-2022-29686.json index a57603b63b2..fd271a00566 100644 --- a/2022/29xxx/CVE-2022-29686.json +++ b/2022/29xxx/CVE-2022-29686.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29686", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29686", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/29#issue-1209046027", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/29#issue-1209046027" } ] } diff --git a/2022/29xxx/CVE-2022-29687.json b/2022/29xxx/CVE-2022-29687.json index 9cf637bef28..a9434661ee3 100644 --- a/2022/29xxx/CVE-2022-29687.json +++ b/2022/29xxx/CVE-2022-29687.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29687", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29687", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/30#issue-1209049714", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/30#issue-1209049714" } ] } diff --git a/2022/29xxx/CVE-2022-29688.json b/2022/29xxx/CVE-2022-29688.json index 252d18fe474..64ace7afba1 100644 --- a/2022/29xxx/CVE-2022-29688.json +++ b/2022/29xxx/CVE-2022-29688.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29688", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29688", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/27#issue-1209040138", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/27#issue-1209040138" } ] } diff --git a/2022/29xxx/CVE-2022-29689.json b/2022/29xxx/CVE-2022-29689.json index 6bcfe83d28b..7599577a668 100644 --- a/2022/29xxx/CVE-2022-29689.json +++ b/2022/29xxx/CVE-2022-29689.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29689", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29689", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chshcms/cscms/issues/28#issue-1209044410", + "refsource": "MISC", + "name": "https://github.com/chshcms/cscms/issues/28#issue-1209044410" } ] }