From 2bed3fccae26d89631afd0eb61193df94cc71ef4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 18 Feb 2022 19:01:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/43xxx/CVE-2021-43062.json | 15 ++- 2021/46xxx/CVE-2021-46036.json | 56 ++++++++-- 2021/46xxx/CVE-2021-46037.json | 56 ++++++++-- 2022/0xxx/CVE-2022-0633.json | 185 +++++++++++++++++---------------- 4 files changed, 205 insertions(+), 107 deletions(-) diff --git a/2021/43xxx/CVE-2021-43062.json b/2021/43xxx/CVE-2021-43062.json index c0ca6a97b99..b8e0149912c 100644 --- a/2021/43xxx/CVE-2021-43062.json +++ b/2021/43xxx/CVE-2021-43062.json @@ -11,21 +11,21 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Fortinet", "product": { "product_data": [ { - "product_name": "n/a", + "product_name": "Fortinet FortiMail", "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "FortiMail 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0" } ] } } ] - }, - "vendor_name": "n/a" + } } ] } @@ -52,7 +52,7 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Execute unauthorized code or commands" } ] } @@ -64,6 +64,11 @@ "refsource": "CONFIRM", "name": "https://fortiguard.com/advisory/FG-IR-21-185", "url": "https://fortiguard.com/advisory/FG-IR-21-185" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166055/Fortinet-Fortimail-7.0.1-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/166055/Fortinet-Fortimail-7.0.1-Cross-Site-Scripting.html" } ] }, diff --git a/2021/46xxx/CVE-2021-46036.json b/2021/46xxx/CVE-2021-46036.json index 4d79e6c76fb..8036bc140e1 100644 --- a/2021/46xxx/CVE-2021-46036.json +++ b/2021/46xxx/CVE-2021-46036.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46036", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46036", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities/", + "refsource": "MISC", + "name": "https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities/" } ] } diff --git a/2021/46xxx/CVE-2021-46037.json b/2021/46xxx/CVE-2021-46037.json index 68736562c01..fe8b1209cd4 100644 --- a/2021/46xxx/CVE-2021-46037.json +++ b/2021/46xxx/CVE-2021-46037.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46037", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46037", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities/", + "refsource": "MISC", + "name": "https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities/" } ] } diff --git a/2022/0xxx/CVE-2022-0633.json b/2022/0xxx/CVE-2022-0633.json index b65777e7c7c..63a2466908c 100644 --- a/2022/0xxx/CVE-2022-0633.json +++ b/2022/0xxx/CVE-2022-0633.json @@ -1,97 +1,102 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-0633", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "UpdraftPlus", - "product": { - "product_data": [ - { - "product_name": "UpdraftPlus WordPress Backup Plugin (Free)", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.22.3", - "version_value": "1.22.3" + "CVE_data_meta": { + "ID": "CVE-2022-0633", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "UpdraftPlus", + "product": { + "product_data": [ + { + "product_name": "UpdraftPlus WordPress Backup Plugin (Free)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.22.3", + "version_value": "1.22.3" + } + ] + } + }, + { + "product_name": "UpdraftPlus WordPress Backup Plugin (Premium)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.22.3", + "version_value": "2.22.3" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "UpdraftPlus WordPress Backup Plugin (Premium)", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.22.3", - "version_value": "2.22.3" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3", - "name": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3" - }, - { - "refsource": "CONFIRM", - "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/", - "name": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/" - }, - { - "refsource": "MISC", - "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/", - "name": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-863 Incorrect Authorization", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Marc Montpas" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3", + "name": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3" + }, + { + "refsource": "CONFIRM", + "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/", + "name": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/" + }, + { + "refsource": "MISC", + "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/", + "name": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html", + "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Marc Montpas" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file