diff --git a/2021/24xxx/CVE-2021-24962.json b/2021/24xxx/CVE-2021-24962.json index 4e65c6484f3..fd1b2e26a9f 100644 --- a/2021/24xxx/CVE-2021-24962.json +++ b/2021/24xxx/CVE-2021-24962.json @@ -1,92 +1,92 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24962", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WordPress File Upload", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.16.3", - "version_value": "4.16.3" + "CVE_data_meta": { + "ID": "CVE-2021-24962", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress File Upload", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.16.3", + "version_value": "4.16.3" + } + ] + } + }, + { + "product_name": "WordPress File Upload Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.16.3", + "version_value": "4.16.3" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "WordPress File Upload Pro", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.16.3", - "version_value": "4.16.3" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623", - "name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623" - }, - { - "refsource": "CONFIRM", - "url": "https://plugins.trac.wordpress.org/changeset/2677722", - "name": "https://plugins.trac.wordpress.org/changeset/2677722" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "apple502j" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2677722", + "name": "https://plugins.trac.wordpress.org/changeset/2677722" + }, + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623", + "name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25071.json b/2021/25xxx/CVE-2021-25071.json index c90f23e78f9..5f0427f7189 100644 --- a/2021/25xxx/CVE-2021-25071.json +++ b/2021/25xxx/CVE-2021-25071.json @@ -1,75 +1,75 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-25071", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Akismet Privacy Policies", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "2.0.1", - "version_value": "2.0.1" + "CVE_data_meta": { + "ID": "CVE-2021-25071", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Akismet Privacy Policies", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.1", + "version_value": "2.0.1" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e", - "name": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting" + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Krzysztof ZajÄ…c" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e", + "name": "https://wpscan.com/vulnerability/53085936-fa07-4f00-a7dc-bbe98c51320e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Krzysztof Zaj\u0105c" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44226.json b/2021/44xxx/CVE-2021-44226.json index e87ca573882..ef45ba4f3c9 100644 --- a/2021/44xxx/CVE-2021-44226.json +++ b/2021/44xxx/CVE-2021-44226.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20220325 [SYSS-2021-058] Razer Synapse - Local Privilege Escalation", "url": "http://seclists.org/fulldisclosure/2022/Mar/51" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html", + "url": "http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html" } ] } diff --git a/2022/0xxx/CVE-2022-0679.json b/2022/0xxx/CVE-2022-0679.json index b9cb041117f..31bd27a2c81 100644 --- a/2022/0xxx/CVE-2022-0679.json +++ b/2022/0xxx/CVE-2022-0679.json @@ -1,75 +1,75 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-0679", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Narnoo Distributor", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "2.5.1", - "version_value": "2.5.1" + "CVE_data_meta": { + "ID": "CVE-2022-0679", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Narnoo Distributor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.5.1", + "version_value": "2.5.1" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8", - "name": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "cydave" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8", + "name": "https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "cydave" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26659.json b/2022/26xxx/CVE-2022-26659.json index ff6903c8cc7..5316eaed01f 100644 --- a/2022/26xxx/CVE-2022-26659.json +++ b/2022/26xxx/CVE-2022-26659.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://docs.docker.com/desktop/windows/release-notes/", "url": "https://docs.docker.com/desktop/windows/release-notes/" + }, + { + "refsource": "MISC", + "name": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md", + "url": "https://github.com/hmsec/Advisories/blob/master/CVE-2022-26659.md" } ] } diff --git a/2022/26xxx/CVE-2022-26980.json b/2022/26xxx/CVE-2022-26980.json index 09b8573bf2c..b743baf55e0 100644 --- a/2022/26xxx/CVE-2022-26980.json +++ b/2022/26xxx/CVE-2022-26980.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26980", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26980", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2", + "refsource": "MISC", + "name": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca", + "url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca" } ] }