From 342d7cb362f2f8ac8a7edf7ea687f8bcd741c2b3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jun 2022 09:02:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9201.json | 190 +------------------------------ 2022/23xxx/CVE-2022-23072.json | 198 +++++++++++++++++---------------- 2022/23xxx/CVE-2022-23073.json | 188 +++++++++++++++++-------------- 2022/2xxx/CVE-2022-2144.json | 18 +++ 2022/2xxx/CVE-2022-2145.json | 18 +++ 5 files changed, 245 insertions(+), 367 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2144.json create mode 100644 2022/2xxx/CVE-2022-2145.json diff --git a/2019/9xxx/CVE-2019-9201.json b/2019/9xxx/CVE-2019-9201.json index f753d748507..43c04937c50 100644 --- a/2019/9xxx/CVE-2019-9201.json +++ b/2019/9xxx/CVE-2019-9201.json @@ -12,200 +12,18 @@ "product": { "product_data": [ { - "product_name": "AXC 1050", + "product_name": "n/a", "version": { "version_data": [ { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "AXC 1050 XC", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "AXC 3050", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "FC 350 PCI ETH", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "ILC1x0", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "ILC1x1", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "ILC 1x1 GSM/GPRS", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "PC WORX RT BASIC", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "PC WORX SRT", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 430 ETH-IB", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 450 ETH-IB", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 460R PN 3TX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 460R PN 3TX-S", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 470 PN 3TX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 470S PN 3TX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "RFC 480S PN 4TX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "All versions", - "version_value": "All versions" + "version_value": "n/a" } ] } } ] }, - "vendor_name": "PHOENIX CONTACT" + "vendor_name": "n/a" } ] } @@ -246,7 +64,7 @@ "description": [ { "lang": "eng", - "value": "CWE-306 Missing Authentication for Critical Function" + "value": "n/a" } ] } diff --git a/2022/23xxx/CVE-2022-23072.json b/2022/23xxx/CVE-2022-23072.json index bb48db394d5..f6cafdc0ecf 100644 --- a/2022/23xxx/CVE-2022-23072.json +++ b/2022/23xxx/CVE-2022-23072.json @@ -1,107 +1,109 @@ { - "CVE_data_meta": { - "ASSIGNER": "vulnerabilitylab@mend.io", - "ID": "CVE-2022-23072", - "STATE": "PUBLIC", - "DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM", - "TITLE": "Recipes - Stored XSS in Add to Cart" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "recipes", - "product": { - "product_data": [ - { - "product_name": "recipes", - "version": { - "version_data": [ - { - "version_value": "1.0.5", - "version_affected": ">=" - }, - { - "version_value": "1.2.5", - "version_affected": "<=" + "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "ID": "CVE-2022-23072", + "STATE": "PUBLIC", + "DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM", + "TITLE": "Recipes - Stored XSS in Add to Cart" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "recipes", + "product": { + "product_data": [ + { + "product_name": "recipes", + "version": { + "version_data": [ + { + "version_value": "1.0.5", + "version_affected": ">=" + }, + { + "version_value": "1.2.5", + "version_affected": "<=" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Mend Vulnerability Research Team (MVR)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "version": 3.1, - "baseScore": 5.4, - "baseSeverity": "MEDIUM" - } - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.mend.io/vulnerability-database/CVE-2022-23072" - }, - { - "refsource": "CONFIRM", - "url": "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "value": "Mend Vulnerability Research Team (MVR)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in \u201cAdd to Cart\u201d functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u2018Name\u2019 parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover." + } ] - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "Update version to 1.2.6 or later" + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": 3.1, + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.mend.io/vulnerability-database/CVE-2022-23072", + "name": "https://www.mend.io/vulnerability-database/CVE-2022-23072" + }, + { + "refsource": "MISC", + "url": "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6", + "name": "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update version to 1.2.6 or later" + } + ], + "source": { + "advisory": "https://www.mend.io/vulnerability-database/", + "discovery": "UNKNOWN" } - ], - "source": { - "advisory": "https://www.mend.io/vulnerability-database/", - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23073.json b/2022/23xxx/CVE-2022-23073.json index c1455cc8382..9085c3197c5 100644 --- a/2022/23xxx/CVE-2022-23073.json +++ b/2022/23xxx/CVE-2022-23073.json @@ -1,87 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerabilitylab@mend.io", - "ID" : "CVE-2022-23073", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "Jan 11, 2022, 3:10:07 PM", - "TITLE" : "Recipes - Stored XSS in Clipboard" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ { - "vendor_name" : "recipes", - "product" : { - "product_data" : [ { - "product_name" : "recipes", - "version" : { - "version_data" : [ { - "version_value" : "1.0.5", - "version_affected" : ">=" - }, { - "version_value" : "1.2.5", - "version_affected" : "<=" - } ] - } - } ] + "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", + "ID": "CVE-2022-23073", + "STATE": "PUBLIC", + "DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM", + "TITLE": "Recipes - Stored XSS in Clipboard" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "recipes", + "product": { + "product_data": [ + { + "product_name": "recipes", + "version": { + "version_data": [ + { + "version_value": "1.0.5", + "version_affected": ">=" + }, + { + "version_value": "1.2.5", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] } - } ] + }, + "credit": [ + { + "lang": "eng", + "value": "Mend Vulnerability Research Team (MVR)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the \u2018Name\u2019 parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": 3.1, + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6", + "name": "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6" + }, + { + "refsource": "MISC", + "url": "https://www.mend.io/vulnerability-database/CVE-2022-23073", + "name": "https://www.mend.io/vulnerability-database/CVE-2022-23073" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update version to 1.2.6 or later" + } + ], + "source": { + "advisory": "https://www.mend.io/vulnerability-database/", + "discovery": "UNKNOWN" } - }, - "credit" : [ { - "lang" : "eng", - "value" : "Mend Vulnerability Research Team (MVR)" - } ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ { - "lang" : "eng", - "value" : "In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover." - } ] - }, - "generator" : { - "engine" : "Vulnogram 0.0.9" - }, - "impact" : { - "cvss" : { - "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "version" : 3.1, - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM" - } - }, - "references" : { - "reference_data" : [ { - "refsource" : "MISC", - "url" : "https://www.mend.io/vulnerability-database/CVE-2022-23073" - }, { - "refsource" : "CONFIRM", - "url" : "https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6" - } ] - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "eng", - "value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } ] - } ] - }, - "solution" : [ { - "lang" : "eng", - "value" : "Update version to 1.2.6 or later" - } ], - "source" : { - "advisory" : "https://www.mend.io/vulnerability-database/", - "discovery" : "UNKNOWN" - } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2144.json b/2022/2xxx/CVE-2022-2144.json new file mode 100644 index 00000000000..9dbdffb850c --- /dev/null +++ b/2022/2xxx/CVE-2022-2144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2145.json b/2022/2xxx/CVE-2022-2145.json new file mode 100644 index 00000000000..e251d8dc889 --- /dev/null +++ b/2022/2xxx/CVE-2022-2145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file