From 338dadac961e9044befb2bcb065478752a181abf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 8 Nov 2022 15:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/0xxx/CVE-2022-0564.json | 156 ++++++++++++++++----------------- 2022/24xxx/CVE-2022-24384.json | 132 ++++++++++++++-------------- 2022/24xxx/CVE-2022-24385.json | 132 ++++++++++++++-------------- 2022/24xxx/CVE-2022-24386.json | 132 ++++++++++++++-------------- 2022/24xxx/CVE-2022-24387.json | 131 +++++++++++++-------------- 2022/25xxx/CVE-2022-25151.json | 132 ++++++++++++++-------------- 2022/25xxx/CVE-2022-25152.json | 132 ++++++++++++++-------------- 2022/25xxx/CVE-2022-25153.json | 132 ++++++++++++++-------------- 2022/29xxx/CVE-2022-29822.json | 134 ++++++++++++++-------------- 2022/29xxx/CVE-2022-29823.json | 132 ++++++++++++++-------------- 2022/2xxx/CVE-2022-2421.json | 132 ++++++++++++++-------------- 2022/2xxx/CVE-2022-2422.json | 132 ++++++++++++++-------------- 2022/3xxx/CVE-2022-3892.json | 18 ++++ 2022/41xxx/CVE-2022-41757.json | 56 ++++++++++-- 2022/43xxx/CVE-2022-43343.json | 56 ++++++++++-- 2022/44xxx/CVE-2022-44311.json | 56 ++++++++++-- 2022/44xxx/CVE-2022-44312.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44313.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44314.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44315.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44316.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44317.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44318.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44319.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44320.json | 61 +++++++++++-- 2022/44xxx/CVE-2022-44321.json | 61 +++++++++++-- 2022/45xxx/CVE-2022-45049.json | 18 ++++ 2022/45xxx/CVE-2022-45050.json | 18 ++++ 2022/45xxx/CVE-2022-45051.json | 18 ++++ 2022/45xxx/CVE-2022-45052.json | 18 ++++ 2022/45xxx/CVE-2022-45053.json | 18 ++++ 2022/45xxx/CVE-2022-45054.json | 18 ++++ 2022/45xxx/CVE-2022-45055.json | 18 ++++ 2022/45xxx/CVE-2022-45056.json | 18 ++++ 2022/45xxx/CVE-2022-45057.json | 18 ++++ 2022/45xxx/CVE-2022-45058.json | 18 ++++ 36 files changed, 1703 insertions(+), 882 deletions(-) create mode 100644 2022/3xxx/CVE-2022-3892.json create mode 100644 2022/45xxx/CVE-2022-45049.json create mode 100644 2022/45xxx/CVE-2022-45050.json create mode 100644 2022/45xxx/CVE-2022-45051.json create mode 100644 2022/45xxx/CVE-2022-45052.json create mode 100644 2022/45xxx/CVE-2022-45053.json create mode 100644 2022/45xxx/CVE-2022-45054.json create mode 100644 2022/45xxx/CVE-2022-45055.json create mode 100644 2022/45xxx/CVE-2022-45056.json create mode 100644 2022/45xxx/CVE-2022-45057.json create mode 100644 2022/45xxx/CVE-2022-45058.json diff --git a/2022/0xxx/CVE-2022-0564.json b/2022/0xxx/CVE-2022-0564.json index 6912c7d1d65..07d9fbf9a7a 100644 --- a/2022/0xxx/CVE-2022-0564.json +++ b/2022/0xxx/CVE-2022-0564.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-02-21T14:30:00.000Z", - "ID": "CVE-2022-0564", - "STATE": "PUBLIC", - "TITLE": "Qlik Sense Enterprise Domain User enumeration" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Qlik Sense Enterprise on Windows", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "14.x", - "version_value": "14.44.0" - } - ] - } - } - ] - }, - "vendor_name": "Qlik Sense" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Hidde Smit of DIVD. " - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0564", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,70 +15,103 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-204: Observable Response Discrepancy" + "value": "CWE-204: Observable Response Discrepancy", + "cweId": "CWE-204" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qlik Sense", + "product": { + "product_data": [ + { + "product_name": "Qlik Sense Enterprise on Windows", + "version": { + "version_data": [ + { + "version_value": "14.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cases/DIVD-2021-00021", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2021-00021" + "url": "https://csirt.divd.nl/cases/DIVD-2021-00021", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2021-00021" }, { - "name": "https://csirt.divd.nl/cves/CVE-2022-0564", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cves/CVE-2022-0564" + "url": "https://csirt.divd.nl/cves/CVE-2022-0564", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cves/CVE-2022-0564" }, { - "name": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531", - "refsource": "CONFIRM", - "url": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531" + "url": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531", + "refsource": "MISC", + "name": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00021", "discovery": "INTERNAL" }, "work_around": [ { - "lang": "eng", + "lang": "en", "value": "Disable internet-facing NTLM endpoints, e.g. internal_windows_authentication, to avoid domain enumeration." } - ] -} + ], + "solution": [ + { + "lang": "en", + "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Hidde Smit of DIVD. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24384.json b/2022/24xxx/CVE-2022-24384.json index c9406de1735..ead916ac897 100644 --- a/2022/24xxx/CVE-2022-24384.json +++ b/2022/24xxx/CVE-2022-24384.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-03-11T23:00:00.000Z", - "ID": "CVE-2022-24384", - "STATE": "PUBLIC", - "TITLE": "Reflective XSS on SmarterTrack v100.0.8019.14010" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SmarterTrack", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "100.x", - "version_value": "Build 8075" - } - ] - } - } - ] - }, - "vendor_name": "SmarterTools" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Wietse Boonstra of DIVD" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-24384", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SmarterTools", + "product": { + "product_data": [ + { + "product_name": "SmarterTrack", + "version": { + "version_data": [ + { + "version_value": "100.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00029", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00029" + "url": "https://csirt.divd.nl/DIVD-2021-00029", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00029" }, { - "name": "https://csirt.divd.nl/CVE-2022-24384", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-24384" + "url": "https://csirt.divd.nl/CVE-2022-24384", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-24384" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00029", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Wietse Boonstra of DIVD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24385.json b/2022/24xxx/CVE-2022-24385.json index 899640866f2..e5c5b581be6 100644 --- a/2022/24xxx/CVE-2022-24385.json +++ b/2022/24xxx/CVE-2022-24385.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-03-11T23:00:00.000Z", - "ID": "CVE-2022-24385", - "STATE": "PUBLIC", - "TITLE": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SmarterTrack", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "100.x", - "version_value": "Build 8075" - } - ] - } - } - ] - }, - "vendor_name": "SmarterTools" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Wietse Boonstra of DIVD" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-24385", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-425 Direct Request (Forced Browsing)" + "value": "CWE-425 Direct Request (Forced Browsing)", + "cweId": "CWE-425" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SmarterTools", + "product": { + "product_data": [ + { + "product_name": "SmarterTrack", + "version": { + "version_data": [ + { + "version_value": "100.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00029", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00029" + "url": "https://csirt.divd.nl/DIVD-2021-00029", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00029" }, { - "name": "https://csirt.divd.nl/CVE-2022-24385", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-24385" + "url": "https://csirt.divd.nl/CVE-2022-24385", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-24385" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00029", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Wietse Boonstra of DIVD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24386.json b/2022/24xxx/CVE-2022-24386.json index e10f4343757..2548453dd51 100644 --- a/2022/24xxx/CVE-2022-24386.json +++ b/2022/24xxx/CVE-2022-24386.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-03-11T23:00:00.000Z", - "ID": "CVE-2022-24386", - "STATE": "PUBLIC", - "TITLE": "Stored XSS in SmarterTrack v100.0.8019.14010" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SmarterTrack", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "100.x", - "version_value": "Build 8075" - } - ] - } - } - ] - }, - "vendor_name": "SmarterTools" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Wietse Boonstra of DIVD" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-24386", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SmarterTools", + "product": { + "product_data": [ + { + "product_name": "SmarterTrack", + "version": { + "version_data": [ + { + "version_value": "100.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00029", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00029" + "url": "https://csirt.divd.nl/DIVD-2021-00029", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00029" }, { - "name": "https://csirt.divd.nl/CVE-2022-24386", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-24386" + "url": "https://csirt.divd.nl/CVE-2022-24386", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-24386" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00029", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Wietse Boonstra of DIVD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24387.json b/2022/24xxx/CVE-2022-24387.json index 0a5f6eea542..4f385c32f06 100644 --- a/2022/24xxx/CVE-2022-24387.json +++ b/2022/24xxx/CVE-2022-24387.json @@ -1,44 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "ID": "CVE-2022-24387", - "STATE": "PUBLIC", - "TITLE": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SmarterTrack", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "100.0.8019.x", - "version_value": "Build 8075" - } - ] - } - } - ] - }, - "vendor_name": "SmarterTools" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Wietse Boonstra of DIVD" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-24387", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -47,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SmarterTools", + "product": { + "product_data": [ + { + "product_name": "SmarterTrack", + "version": { + "version_data": [ + { + "version_value": "100.0.8019.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00029", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00029" + "url": "https://csirt.divd.nl/DIVD-2021-00029", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00029" }, { - "name": "https://csrit.divd.nl/CVE-2022-24387", - "refsource": "CONFIRM", - "url": "https://csrit.divd.nl/CVE-2022-24387" + "url": "https://csrit.divd.nl/CVE-2022-24387", + "refsource": "MISC", + "name": "https://csrit.divd.nl/CVE-2022-24387" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00029", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Wietse Boonstra of DIVD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25151.json b/2022/25xxx/CVE-2022-25151.json index f1beedeff34..de0527cd6e4 100644 --- a/2022/25xxx/CVE-2022-25151.json +++ b/2022/25xxx/CVE-2022-25151.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-02-23T16:42:00.000Z", - "ID": "CVE-2022-25151", - "STATE": "PUBLIC", - "TITLE": "ITarian - Session cookie not protected by HttpOnly flag" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ITarian SaaS platform / on-premise", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "any version", - "version_value": "6.35.37347.20040" - } - ] - } - } - ] - }, - "vendor_name": "ITarian" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-25151", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" + "value": "CWE-614 Sensitive Cookie in HTTPS Session Without Secure Attribute", + "cweId": "CWE-614" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ITarian", + "product": { + "product_data": [ + { + "product_name": "ITarian SaaS platform / on-premise", + "version": { + "version_data": [ + { + "version_value": "any version", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00037", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00037" + "url": "https://csirt.divd.nl/DIVD-2021-00037", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00037" }, { - "name": "https://csirt.divd.nl/CVE-2022-25151", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-25151" + "url": "https://csirt.divd.nl/CVE-2022-25151", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-25151" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00037", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25152.json b/2022/25xxx/CVE-2022-25152.json index 627245dece9..ed48e65fadd 100644 --- a/2022/25xxx/CVE-2022-25152.json +++ b/2022/25xxx/CVE-2022-25152.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-02-23T12:42:00.000Z", - "ID": "CVE-2022-25152", - "STATE": "PUBLIC", - "TITLE": "ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ITarian platform (SAAS / on-premise)", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "any version", - "version_value": "6.35.37347.20040" - } - ] - } - } - ] - }, - "vendor_name": "ITarian" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-25152", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.9, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-358 Improperly Implemented Security Check for Standard" + "value": "CWE-358 Improperly Implemented Security Check for Standard", + "cweId": "CWE-358" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ITarian", + "product": { + "product_data": [ + { + "product_name": "ITarian platform (SAAS / on-premise)", + "version": { + "version_data": [ + { + "version_value": "any version", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/DIVD-2021-00037", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/DIVD-2021-00037" + "url": "https://csirt.divd.nl/DIVD-2021-00037", + "refsource": "MISC", + "name": "https://csirt.divd.nl/DIVD-2021-00037" }, { - "name": "https://csirt.divd.nl/CVE-2022-25152", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-25152" + "url": "https://csirt.divd.nl/CVE-2022-25152", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-25152" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00037", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25153.json b/2022/25xxx/CVE-2022-25153.json index 3970f0ea8e2..76d27349463 100644 --- a/2022/25xxx/CVE-2022-25153.json +++ b/2022/25xxx/CVE-2022-25153.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-02-23T10:40:00.000Z", - "ID": "CVE-2022-25153", - "STATE": "PUBLIC", - "TITLE": "ITarian - Local privilege escalation in Endpoint Manager agent on Windows" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Endpoint Manager Communication Client for Windows", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "any version", - "version_value": "6.43.41148.21120" - } - ] - } - } - ] - }, - "vendor_name": "ITarian" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-25153", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-275 Permission Issues" + "value": "CWE-275 Permission Issues", + "cweId": "CWE-275" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ITarian", + "product": { + "product_data": [ + { + "product_name": "Endpoint Manager Communication Client for Windows", + "version": { + "version_data": [ + { + "version_value": "any version", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cases/DIVD-2021-00037", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2021-00037" + "url": "https://csirt.divd.nl/cases/DIVD-2021-00037", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2021-00037" }, { - "name": "https://csirt.divd.nl/CVE-2022-25153", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/CVE-2022-25153" + "url": "https://csirt.divd.nl/CVE-2022-25153", + "refsource": "MISC", + "name": "https://csirt.divd.nl/CVE-2022-25153" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2021-00037", "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Wietse Boonstra & Hidde Smit of DIVD. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29822.json b/2022/29xxx/CVE-2022-29822.json index 4466bc89919..97ea7b501bd 100644 --- a/2022/29xxx/CVE-2022-29822.json +++ b/2022/29xxx/CVE-2022-29822.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-10-25T22:00:00.000Z", - "ID": "CVE-2022-29822", - "STATE": "PUBLIC", - "TITLE": "Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Feathers-Sequalize", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.x", - "version_value": "6.3.4" - } - ] - } - } - ] - }, - "vendor_name": "Feather js" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-29822", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-89 SQL Injection" + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Feather js", + "product": { + "product_data": [ + { + "product_name": "Feathers-Sequalize", + "version": { + "version_data": [ + { + "version_value": "6.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cves/CVE-2022-29822/", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cves/CVE-2022-29822/" + "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2022-00020" }, { - "name": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2022-00020" + "url": "https://csirt.divd.nl/cves/CVE-2022-29822/", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cves/CVE-2022-29822/" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2022-00020", "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } -} +} \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29823.json b/2022/29xxx/CVE-2022-29823.json index 7091a82019e..237e8e1d23c 100644 --- a/2022/29xxx/CVE-2022-29823.json +++ b/2022/29xxx/CVE-2022-29823.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-10-25T22:00:00.000Z", - "ID": "CVE-2022-29823", - "STATE": "PUBLIC", - "TITLE": "Feathers - Query \u201c__proto__\u201d is converted to real prototype" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Feathers-Sequalize", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.x", - "version_value": "6.3.4" - } - ] - } - } - ] - }, - "vendor_name": "Feather js" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-29823", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\"Prototype Pollution\")", + "cweId": "CWE-1321" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Feather js", + "product": { + "product_data": [ + { + "product_name": "Feathers-Sequalize", + "version": { + "version_data": [ + { + "version_value": "6.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2022-00020" + "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2022-00020" }, { - "name": "https://csirt.divd.nl/cves/CVE-2022-29823/", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cves/CVE-2022-29823/" + "url": "https://csirt.divd.nl/cves/CVE-2022-29823/", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cves/CVE-2022-29823/" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2022-00020", "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2421.json b/2022/2xxx/CVE-2022-2421.json index 4535bd52d90..753f2afc6e6 100644 --- a/2022/2xxx/CVE-2022-2421.json +++ b/2022/2xxx/CVE-2022-2421.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-10-25T22:00:00.000Z", - "ID": "CVE-2022-2421", - "STATE": "PUBLIC", - "TITLE": "Socket.io - Improper type validation in attachment parsing" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Socket.io-Parser", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.x", - "version_value": "4.2.1" - } - ] - } - } - ] - }, - "vendor_name": "Socket.io" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Thomas Rinsma (Codean)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2421", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-89 SQL Injection" + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Socket.io", + "product": { + "product_data": [ + { + "product_name": "Socket.io-Parser", + "version": { + "version_data": [ + { + "version_value": "4.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cves/CVE-2022-2421", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cves/CVE-2022-2421" + "url": "https://csirt.divd.nl/cves/CVE-2022-2421", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cves/CVE-2022-2421" }, { - "name": "https://csirt.divd.nl/cases/DIVD-2022-00045", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2022-00045" + "url": "https://csirt.divd.nl/cases/DIVD-2022-00045", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2022-00045" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2022-00045", "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Thomas Rinsma (Codean)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2422.json b/2022/2xxx/CVE-2022-2422.json index 0694b5c9667..87e5e054b27 100644 --- a/2022/2xxx/CVE-2022-2422.json +++ b/2022/2xxx/CVE-2022-2422.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "csirt@divd.nl", - "DATE_PUBLIC": "2022-10-25T22:00:00.000Z", - "ID": "CVE-2022-2422", - "STATE": "PUBLIC", - "TITLE": "Feathers - SQL injection via attribute aliases" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Feathers-Sequalize", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.x", - "version_value": "6.3.4" - } - ] - } - } - ] - }, - "vendor_name": "Feather js" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2422", + "ASSIGNER": "csirt@divd.nl", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,53 +15,86 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-89 SQL Injection" + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Feather js", + "product": { + "product_data": [ + { + "product_name": "Feathers-Sequalize", + "version": { + "version_data": [ + { + "version_value": "6.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://csirt.divd.nl/cases/DIVD-2022-00020", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cases/DIVD-2022-00020" + "url": "https://csirt.divd.nl/cases/DIVD-2022-00020", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cases/DIVD-2022-00020" }, { - "name": "https://csirt.divd.nl/cves/CVE-2022-2422", - "refsource": "CONFIRM", - "url": "https://csirt.divd.nl/cves/CVE-2022-2422" + "url": "https://csirt.divd.nl/cves/CVE-2022-2422", + "refsource": "MISC", + "name": "https://csirt.divd.nl/cves/CVE-2022-2422" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "advisory": "DIVD-2022-00020", "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Thomas Rinsma and Kevin Valk (Codean)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3892.json b/2022/3xxx/CVE-2022-3892.json new file mode 100644 index 00000000000..d8adddee675 --- /dev/null +++ b/2022/3xxx/CVE-2022-3892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41757.json b/2022/41xxx/CVE-2022-41757.json index 5905f14e858..a93184a74d8 100644 --- a/2022/41xxx/CVE-2022-41757.json +++ b/2022/41xxx/CVE-2022-41757.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41757", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41757", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", + "refsource": "MISC", + "name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities" } ] } diff --git a/2022/43xxx/CVE-2022-43343.json b/2022/43xxx/CVE-2022-43343.json index 329d58ece0a..f19295c9aab 100644 --- a/2022/43xxx/CVE-2022-43343.json +++ b/2022/43xxx/CVE-2022-43343.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43343", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43343", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sasagawa888/nprolog/issues/75", + "refsource": "MISC", + "name": "https://github.com/sasagawa888/nprolog/issues/75" } ] } diff --git a/2022/44xxx/CVE-2022-44311.json b/2022/44xxx/CVE-2022-44311.json index 34886427c32..7469d003588 100644 --- a/2022/44xxx/CVE-2022-44311.json +++ b/2022/44xxx/CVE-2022-44311.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44311", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44311", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jfisteus/html2xhtml/issues/19", + "refsource": "MISC", + "name": "https://github.com/jfisteus/html2xhtml/issues/19" } ] } diff --git a/2022/44xxx/CVE-2022-44312.json b/2022/44xxx/CVE-2022-44312.json index bee283ee598..e409d0f9535 100644 --- a/2022/44xxx/CVE-2022-44312.json +++ b/2022/44xxx/CVE-2022-44312.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44312", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44312", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44313.json b/2022/44xxx/CVE-2022-44313.json index d36e48882cd..b0eaf2b3f67 100644 --- a/2022/44xxx/CVE-2022-44313.json +++ b/2022/44xxx/CVE-2022-44313.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44313", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44313", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44314.json b/2022/44xxx/CVE-2022-44314.json index e9107f886b0..5de921ccc2b 100644 --- a/2022/44xxx/CVE-2022-44314.json +++ b/2022/44xxx/CVE-2022-44314.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44314", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44314", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44315.json b/2022/44xxx/CVE-2022-44315.json index 6af7213912a..79c2df73dd4 100644 --- a/2022/44xxx/CVE-2022-44315.json +++ b/2022/44xxx/CVE-2022-44315.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44315", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44315", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44316.json b/2022/44xxx/CVE-2022-44316.json index f5a5d8c3425..1bc9d655d44 100644 --- a/2022/44xxx/CVE-2022-44316.json +++ b/2022/44xxx/CVE-2022-44316.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44316", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44316", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44317.json b/2022/44xxx/CVE-2022-44317.json index b43e06197eb..c733a8eb725 100644 --- a/2022/44xxx/CVE-2022-44317.json +++ b/2022/44xxx/CVE-2022-44317.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44317", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44317", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44318.json b/2022/44xxx/CVE-2022-44318.json index 4f5b1974664..e473eadca1b 100644 --- a/2022/44xxx/CVE-2022-44318.json +++ b/2022/44xxx/CVE-2022-44318.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44318", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44318", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44319.json b/2022/44xxx/CVE-2022-44319.json index ad8e2dd0060..6729ae411f4 100644 --- a/2022/44xxx/CVE-2022-44319.json +++ b/2022/44xxx/CVE-2022-44319.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44319", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44319", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44320.json b/2022/44xxx/CVE-2022-44320.json index 0ef40da0ce5..c7f71edb5a7 100644 --- a/2022/44xxx/CVE-2022-44320.json +++ b/2022/44xxx/CVE-2022-44320.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44320", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44320", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/44xxx/CVE-2022-44321.json b/2022/44xxx/CVE-2022-44321.json index dc081b78546..ac2349ee850 100644 --- a/2022/44xxx/CVE-2022-44321.json +++ b/2022/44xxx/CVE-2022-44321.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44321", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44321", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpoirier/picoc/issues/37", + "refsource": "MISC", + "name": "https://github.com/jpoirier/picoc/issues/37" + }, + { + "url": "https://gitlab.com/zsaleeba/picoc/-/issues/48", + "refsource": "MISC", + "name": "https://gitlab.com/zsaleeba/picoc/-/issues/48" } ] } diff --git a/2022/45xxx/CVE-2022-45049.json b/2022/45xxx/CVE-2022-45049.json new file mode 100644 index 00000000000..80eb3b8139b --- /dev/null +++ b/2022/45xxx/CVE-2022-45049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45050.json b/2022/45xxx/CVE-2022-45050.json new file mode 100644 index 00000000000..cca2080e21a --- /dev/null +++ b/2022/45xxx/CVE-2022-45050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45051.json b/2022/45xxx/CVE-2022-45051.json new file mode 100644 index 00000000000..d6dc51ef80b --- /dev/null +++ b/2022/45xxx/CVE-2022-45051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45052.json b/2022/45xxx/CVE-2022-45052.json new file mode 100644 index 00000000000..c58928e38ee --- /dev/null +++ b/2022/45xxx/CVE-2022-45052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45053.json b/2022/45xxx/CVE-2022-45053.json new file mode 100644 index 00000000000..64d0992684d --- /dev/null +++ b/2022/45xxx/CVE-2022-45053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45054.json b/2022/45xxx/CVE-2022-45054.json new file mode 100644 index 00000000000..9f22f022b84 --- /dev/null +++ b/2022/45xxx/CVE-2022-45054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45055.json b/2022/45xxx/CVE-2022-45055.json new file mode 100644 index 00000000000..42fdc4dcb1d --- /dev/null +++ b/2022/45xxx/CVE-2022-45055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45056.json b/2022/45xxx/CVE-2022-45056.json new file mode 100644 index 00000000000..1c2947803e2 --- /dev/null +++ b/2022/45xxx/CVE-2022-45056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45057.json b/2022/45xxx/CVE-2022-45057.json new file mode 100644 index 00000000000..de3925aa9e1 --- /dev/null +++ b/2022/45xxx/CVE-2022-45057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45058.json b/2022/45xxx/CVE-2022-45058.json new file mode 100644 index 00000000000..42062fc733b --- /dev/null +++ b/2022/45xxx/CVE-2022-45058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-45058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file