diff --git a/2021/39xxx/CVE-2021-39040.json b/2021/39xxx/CVE-2021-39040.json index 130515291d5..7f680715911 100644 --- a/2021/39xxx/CVE-2021-39040.json +++ b/2021/39xxx/CVE-2021-39040.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-04-22T00:00:00", - "ID" : "CVE-2021-39040" - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6574003", - "url" : "https://www.ibm.com/support/pages/node/6574003", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6574003 (Planning Analytics Workspace)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214025", - "name" : "ibm-planning-cve202139040-file-upload (214025)" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "UI" : "R", - "A" : "N", - "C" : "L", - "SCORE" : "6.300", - "AV" : "N", - "AC" : "L", - "PR" : "L", - "S" : "U" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-04-22T00:00:00", + "ID": "CVE-2021-39040" + }, + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - }, - "product_name" : "Planning Analytics Workspace" - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6574003", + "url": "https://www.ibm.com/support/pages/node/6574003", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6574003 (Planning Analytics Workspace)" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214025", + "name": "ibm-planning-cve202139040-file-upload (214025)" } - ] - } - }, - "data_version" : "4.0" -} + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "UI": "R", + "A": "N", + "C": "L", + "SCORE": "6.300", + "AV": "N", + "AC": "L", + "PR": "L", + "S": "U" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + }, + "product_name": "Planning Analytics Workspace" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22392.json b/2022/22xxx/CVE-2022-22392.json index f8ba4f6f597..4394a9f809e 100644 --- a/2022/22xxx/CVE-2022-22392.json +++ b/2022/22xxx/CVE-2022-22392.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - }, - "product_name" : "Planning Analytics Workspace" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2022-22392", - "DATE_PUBLIC" : "2022-04-22T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + }, + "product_name": "Planning Analytics Workspace" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6574003", - "url" : "https://www.ibm.com/support/pages/node/6574003", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6574003 (Planning Analytics Workspace)" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-planning-cve202222392-code-exec (222066)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/222066" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "6.800", - "AV" : "N", - "PR" : "H", - "AC" : "L", - "S" : "U", - "I" : "H", - "UI" : "R", - "C" : "H", - "A" : "H" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - } -} + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-22392", + "DATE_PUBLIC": "2022-04-22T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6574003", + "url": "https://www.ibm.com/support/pages/node/6574003", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6574003 (Planning Analytics Workspace)" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-planning-cve202222392-code-exec (222066)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222066" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "SCORE": "6.800", + "AV": "N", + "PR": "H", + "AC": "L", + "S": "U", + "I": "H", + "UI": "R", + "C": "H", + "A": "H" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26596.json b/2022/26xxx/CVE-2022-26596.json index ae29024c8ae..486b127bf9d 100644 --- a/2022/26xxx/CVE-2022-26596.json +++ b/2022/26xxx/CVE-2022-26596.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26596", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26596", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://liferay.com", + "refsource": "MISC", + "name": "http://liferay.com" } ] } diff --git a/2022/26xxx/CVE-2022-26597.json b/2022/26xxx/CVE-2022-26597.json index f5d09382325..a6667f3751b 100644 --- a/2022/26xxx/CVE-2022-26597.json +++ b/2022/26xxx/CVE-2022-26597.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26597", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26597", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://liferay.com", + "refsource": "MISC", + "name": "http://liferay.com" } ] } diff --git a/2022/27xxx/CVE-2022-27374.json b/2022/27xxx/CVE-2022-27374.json index 7d70b997b61..57d6683165e 100644 --- a/2022/27xxx/CVE-2022-27374.json +++ b/2022/27xxx/CVE-2022-27374.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27374", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27374", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/AX12/AX12.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/AX12/AX12.md" } ] } diff --git a/2022/27xxx/CVE-2022-27375.json b/2022/27xxx/CVE-2022-27375.json index 64a2f5c280a..32a1d263af3 100644 --- a/2022/27xxx/CVE-2022-27375.json +++ b/2022/27xxx/CVE-2022-27375.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/AX12/AX12-2.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/AX12/AX12-2.md" } ] }