From 33e808fdd72d8ea000d2791e45de6d918c8632c1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 26 Oct 2022 16:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/36xxx/CVE-2022-36783.json | 157 +++++++++++++++++++++++---------
 2022/40xxx/CVE-2022-40238.json | 68 ++++++++++++--
 2022/43xxx/CVE-2022-43831.json | 18 ++++
 2022/43xxx/CVE-2022-43832.json | 18 ++++
 2022/43xxx/CVE-2022-43833.json | 18 ++++
 2022/43xxx/CVE-2022-43834.json | 18 ++++
 2022/43xxx/CVE-2022-43835.json | 18 ++++
 2022/43xxx/CVE-2022-43836.json | 18 ++++
 2022/43xxx/CVE-2022-43837.json | 18 ++++
 2022/43xxx/CVE-2022-43838.json | 18 ++++
 2022/43xxx/CVE-2022-43839.json | 18 ++++
 2022/43xxx/CVE-2022-43840.json | 18 ++++
 2022/43xxx/CVE-2022-43841.json | 18 ++++
 2022/43xxx/CVE-2022-43842.json | 18 ++++
 2022/43xxx/CVE-2022-43843.json | 18 ++++
 2022/43xxx/CVE-2022-43844.json | 18 ++++
 2022/43xxx/CVE-2022-43845.json | 18 ++++
 2022/43xxx/CVE-2022-43846.json | 18 ++++
 2022/43xxx/CVE-2022-43847.json | 18 ++++
 2022/43xxx/CVE-2022-43848.json | 18 ++++
 20 files changed, 495 insertions(+), 54 deletions(-)
 create mode 100644 2022/43xxx/CVE-2022-43831.json
 create mode 100644 2022/43xxx/CVE-2022-43832.json
 create mode 100644 2022/43xxx/CVE-2022-43833.json
 create mode 100644 2022/43xxx/CVE-2022-43834.json
 create mode 100644 2022/43xxx/CVE-2022-43835.json
 create mode 100644 2022/43xxx/CVE-2022-43836.json
 create mode 100644 2022/43xxx/CVE-2022-43837.json
 create mode 100644 2022/43xxx/CVE-2022-43838.json
 create mode 100644 2022/43xxx/CVE-2022-43839.json
 create mode 100644 2022/43xxx/CVE-2022-43840.json
 create mode 100644 2022/43xxx/CVE-2022-43841.json
 create mode 100644 2022/43xxx/CVE-2022-43842.json
 create mode 100644 2022/43xxx/CVE-2022-43843.json
 create mode 100644 2022/43xxx/CVE-2022-43844.json
 create mode 100644 2022/43xxx/CVE-2022-43845.json
 create mode 100644 2022/43xxx/CVE-2022-43846.json
 create mode 100644 2022/43xxx/CVE-2022-43847.json
 create mode 100644 2022/43xxx/CVE-2022-43848.json
diff --git a/2022/36xxx/CVE-2022-36783.json b/2022/36xxx/CVE-2022-36783.json
index c6435042836..314fe4ac7c0 100644
--- a/2022/36xxx/CVE-2022-36783.json
+++ b/2022/36xxx/CVE-2022-36783.json
@@ -1,20 +1,110 @@
 {
- "data_version": "4.0",
- "data_type": "CVE",
- "data_format": "MITRE",
 "CVE_data_meta": {
- "ID": "CVE-2022-36783",
 "ASSIGNER": "cna@cyber.gov.il",
- "STATE": "PUBLIC"
+ "DATE_PUBLIC": "2022-10-23T06:49:00.000Z",
+ "ID": "CVE-2022-36783",
+ "STATE": "PUBLIC",
+ "TITLE": "AlgoSec \u2013 FireFlow Reflected Cross-Site-Scripting (RXSS)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FireFlow A32.0",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">",
+ "version_name": "A32.0.580-277",
+ "version_value": "A32.0.580-277"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "AlgoSec"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FireFlow A32.10",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">",
+ "version_name": "A32.10.410-212",
+ "version_value": "A32.10.410-212"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "AlgoSec"
+ },
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FireFlow A32.20",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">",
+ "version_name": "A32.20.230-35",
+ "version_value": "A32.20.230-35"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "AlgoSec"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Dean Aviani - Hacktics EY"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "AlgoSec FireFlow Reflected Cross-Site-Scripting (RXSS): A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user."
+ "value": "AlgoSec \u2013 FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. 
The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user."
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
 "problemtype": {
 "problemtype_data": [
 {
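Review bot: In the new `affects` block of CVE-2022-36783, all three `version_data` entries pair `"version_affected": ">"` with the build that the `solution` text added further down this file names as the fixed release (for example `A32.0.580-277`), so the record says builds newer than the fix are affected and does not match the vulnerable ones; `"version_affected": "<"` would express "before the fixed build". The `impact.cvss` block also sets `"userInteraction": "NONE"` although the description says the crafted URL has to be sent to a victim, which points to `UI:R`; if the CNA agrees, `vectorString`, `baseScore` and `baseSeverity` need recomputing together. The rewritten description `value` appears to carry an embedded line break after "search/result.html page." and has lost the colon after "(RXSS)"; a plain space or an escaped `\n` would keep the string valid for strict JSON parsers.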
@@ -22,61 +112,30 @@
 {
 "lang": "eng",
 "value": "Reflected Cross-Site-Scripting (RXSS)"
- },
- {
- "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
 }
 ]
 }
 ]
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "AlgoSec",
- "product": {
- "product_data": [
- {
- "product_name": "FireFlow",
- "version": {
- "version_data": [
- {
- "version_value": "A32.0",
- "version_affected": "="
- },
- {
- "version_value": "A32.10",
- "version_affected": "="
- },
- {
- "version_value": "A32.20",
- "version_affected": "="
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
 "references": {
 "reference_data": [
 {
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
 "refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
 }
 ]
 },
- "credits": [
+ "solution": [
 {
- "lang": "en",
- "value": "Dean Aviani - Hacktics EY"
+ "lang": "eng",
+ "value": "Update released for the following versions:\nFor A32.0 : A32.0.580-277\nFor A32.10 : A32.10.410-212\nFor A32.20 : A32.20.230-35"
 }
- ]
+ ],
+ "source": {
+ "defect": [
+ "ILVN-2022-0054"
+ ],
+ "discovery": "EXTERNAL"
+ }
 }
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40238.json b/2022/40xxx/CVE-2022-40238.json
index e9c000184d0..1d18b8c1093 100644
--- a/2022/40xxx/CVE-2022-40238.json
+++ b/2022/40xxx/CVE-2022-40238.json
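Review bot: Removing the second `problemtype` description in the CVE-2022-36783 hunk drops the record's only `cweId`, so the entry is left with the free-text value "Reflected Cross-Site-Scripting (RXSS)" and tools that group or filter by CWE no longer see CWE-79. I would keep the removed object next to the free text: `{ "lang": "eng", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79" }`. The reference URL changes only in path case (`departments` to `Departments`), so it is worth confirming that the new form resolves before it replaces the old one.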
@@ -1,18 +1,76 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-40238",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cert@cert.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CERT/CC",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VINCE - The Vulnerability Information and Coordination Environment",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.50.5",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity",
+ "refsource": "MISC",
+ "name": "https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "cveClient/1.0.13"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rapid7 researcher Marcus Chang discovered and reported this security vulnerability to CERT/CC "
+ }
+ ]
 }
\ No newline at end of file
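Review bot: `"version_value": "1.50.5"` with `"version_affected": "="` marks 1.50.5 itself as the affected release, while the description in the same hunk says the flaw exists "prior to version 1.50.5"; `"version_affected": "<"` matches the text and keeps version-matching tools from clearing older VINCE installs. The description names the product only as "CERT software" where the `affects` block says VINCE, so naming VINCE in the description would make the record searchable by product. This file also adds `"credits"` with `"lang": "en"` and a trailing space in the value, whereas CVE-2022-36783 in the same commit was moved to `"credit"` with `"lang": "eng"`; one form across the batch would be easier for consumers.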
diff --git a/2022/43xxx/CVE-2022-43831.json b/2022/43xxx/CVE-2022-43831.json
new file mode 100644
index 00000000000..f58f002094b
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43831.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43831",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43832.json b/2022/43xxx/CVE-2022-43832.json
new file mode 100644
index 00000000000..d6e17f61987
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43832.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43833.json b/2022/43xxx/CVE-2022-43833.json
new file mode 100644
index 00000000000..68b05e5ec05
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43834.json b/2022/43xxx/CVE-2022-43834.json
new file mode 100644
index 00000000000..12b081e360c
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43835.json b/2022/43xxx/CVE-2022-43835.json
new file mode 100644
index 00000000000..a7a5a3c045f
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43836.json b/2022/43xxx/CVE-2022-43836.json
new file mode 100644
index 00000000000..7d5e82f33ed
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43837.json b/2022/43xxx/CVE-2022-43837.json
new file mode 100644
index 00000000000..1ccf4414969
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43837.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43837",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43838.json b/2022/43xxx/CVE-2022-43838.json
new file mode 100644
index 00000000000..7bb86422e59
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43838.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43839.json b/2022/43xxx/CVE-2022-43839.json
new file mode 100644
index 00000000000..929b356ab90
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43839.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43839",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43840.json b/2022/43xxx/CVE-2022-43840.json
new file mode 100644
index 00000000000..c67119a6a64
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43840.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43840",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43841.json b/2022/43xxx/CVE-2022-43841.json
new file mode 100644
index 00000000000..a0abe3b231b
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43841.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43841",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43842.json b/2022/43xxx/CVE-2022-43842.json
new file mode 100644
index 00000000000..9fa9ac04f70
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43843.json b/2022/43xxx/CVE-2022-43843.json
new file mode 100644
index 00000000000..d6239fa606a
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43843.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43844.json b/2022/43xxx/CVE-2022-43844.json
new file mode 100644
index 00000000000..4a7de96086c
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43844.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43844",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43845.json b/2022/43xxx/CVE-2022-43845.json
new file mode 100644
index 00000000000..e3d4c38ab06
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43845.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43845",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43846.json b/2022/43xxx/CVE-2022-43846.json
new file mode 100644
index 00000000000..a5d5425fda1
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43846.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43846",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43847.json b/2022/43xxx/CVE-2022-43847.json
new file mode 100644
index 00000000000..ea3bc4fdd1f
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43847.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43847",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43848.json b/2022/43xxx/CVE-2022-43848.json
new file mode 100644
index 00000000000..da63c7e7be1
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43848.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43848",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file