From 30c2c8a79d656e80ccc6d5c2ca66ca53ba89800e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 1 Aug 2022 20:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/2xxx/CVE-2022-2602.json | 18 ++++++++++
 2022/31xxx/CVE-2022-31177.json | 2 +-
 2022/31xxx/CVE-2022-31178.json | 2 +-
 2022/31xxx/CVE-2022-31179.json | 10 +++---
 2022/31xxx/CVE-2022-31181.json | 2 +-
 2022/31xxx/CVE-2022-31186.json | 12 +++----
 2022/31xxx/CVE-2022-31188.json | 2 +-
 2022/31xxx/CVE-2022-31321.json | 61 ++++++++++++++++++++++++++++++----
 2022/34xxx/CVE-2022-34530.json | 61 ++++++++++++++++++++++++++++++----
 2022/35xxx/CVE-2022-35118.json | 61 ++++++++++++++++++++++++++++++----
 10 files changed, 198 insertions(+), 33 deletions(-)
 create mode 100644 2022/2xxx/CVE-2022-2602.json
diff --git a/2022/2xxx/CVE-2022-2602.json b/2022/2xxx/CVE-2022-2602.json
new file mode 100644
index 00000000000..225db595243
--- /dev/null
+++ b/2022/2xxx/CVE-2022-2602.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-2602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/31xxx/CVE-2022-31177.json b/2022/31xxx/CVE-2022-31177.json
index 027782aafb6..518ac8eda2f 100644
--- a/2022/31xxx/CVE-2022-31177.json
+++ b/2022/31xxx/CVE-2022-31177.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ "value": "Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31178.json b/2022/31xxx/CVE-2022-31178.json
index 346510853fd..b1d881ccf07 100644
--- a/2022/31xxx/CVE-2022-31178.json
+++ b/2022/31xxx/CVE-2022-31178.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ "value": "eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31179.json b/2022/31xxx/CVE-2022-31179.json
index 3582456f17e..c0aaf724b62 100644
--- a/2022/31xxx/CVE-2022-31179.json
+++ b/2022/31xxx/CVE-2022-31179.json
@@ -69,6 +69,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8",
+ "refsource": "MISC",
+ "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
+ },
 {
 "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w",
 "refsource": "CONFIRM",
@@ -78,11 +83,6 @@
 "name": "https://github.com/ericcornelissen/shescape/pull/332",
 "refsource": "MISC",
 "url": "https://github.com/ericcornelissen/shescape/pull/332"
- },
- {
- "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8",
- "refsource": "MISC",
- "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31181.json b/2022/31xxx/CVE-2022-31181.json
index 1633b89b369..6eb697fbc28 100644
--- a/2022/31xxx/CVE-2022-31181.json
+++ b/2022/31xxx/CVE-2022-31181.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.\n"
+ "value": "PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31186.json b/2022/31xxx/CVE-2022-31186.json
index a6b9da6a9f3..680e563487f 100644
--- a/2022/31xxx/CVE-2022-31186.json
+++ b/2022/31xxx/CVE-2022-31186.json
@@ -72,6 +72,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "name": "https://next-auth.js.org/getting-started/upgrade-v4",
+ "refsource": "MISC",
+ "url": "https://next-auth.js.org/getting-started/upgrade-v4"
+ },
 {
 "name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p",
 "refsource": "CONFIRM",
@@ -82,11 +87,6 @@
 "refsource": "MISC",
 "url": "https://next-auth.js.org/configuration/options#logger"
 },
- {
- "name": "https://next-auth.js.org/getting-started/upgrade-v4",
- "refsource": "MISC",
- "url": "https://next-auth.js.org/getting-started/upgrade-v4"
- },
 {
 "name": "https://next-auth.js.org/warnings#debug_enabled",
 "refsource": "MISC",
@@ -98,4 +98,4 @@
 "advisory": "GHSA-p6mm-27gq-9v3p",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2022/31xxx/CVE-2022-31188.json b/2022/31xxx/CVE-2022-31188.json
index bb04f755c77..d88f5003aa9 100644
--- a/2022/31xxx/CVE-2022-31188.json
+++ b/2022/31xxx/CVE-2022-31188.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ "value": "CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31321.json b/2022/31xxx/CVE-2022-31321.json
index 6641587566a..b1f1e5d62e3 100644
--- a/2022/31xxx/CVE-2022-31321.json
+++ b/2022/31xxx/CVE-2022-31321.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-31321",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-31321",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://bolt.com",
+ "refsource": "MISC",
+ "name": "http://bolt.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
+ "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34530.json b/2022/34xxx/CVE-2022-34530.json
index 985605b6800..e8826ea00a4 100644
--- a/2022/34xxx/CVE-2022-34530.json
+++ b/2022/34xxx/CVE-2022-34530.json
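Review bot: The added `affects` block publishes `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` even though the new description names Bolt 5.1.7, so tooling that matches on the structured fields rather than the free text will not tie this record to the product. The same applies to the CVE-2022-34530 hunk (Backdrop CMS v1.22.0) and the CVE-2022-35118 hunk (PyroCMS v3.9). Carrying the description's values into the record, e.g. `"product_name": "Bolt"` and `"version_value": "5.1.7"`, and replacing the `"n/a"` under `problemtype` with a weakness description, would make the entries machine-matchable. The references `http://bolt.com` here and `http://backdrop.com` in CVE-2022-34530 are plain-HTTP bare domains that may not be the projects' own sites; they should be confirmed or replaced with the specific advisory or fix they are meant to point at. The root object's closing brace lies outside this hunk.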
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-34530",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-34530",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
+ "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
+ },
+ {
+ "url": "http://backdrop.com",
+ "refsource": "MISC",
+ "name": "http://backdrop.com"
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35118.json b/2022/35xxx/CVE-2022-35118.json
index 9efea1a7014..062ae401e8a 100644
--- a/2022/35xxx/CVE-2022-35118.json
+++ b/2022/35xxx/CVE-2022-35118.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-35118",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-35118",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md",
+ "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"
+ },
+ {
+ "url": "http://pyrocms.com",
+ "refsource": "MISC",
+ "name": "http://pyrocms.com"
 }
 ]
 }