From 3b9c984d730a406e5e3984f61c7ae120d8588a8e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 10 Mar 2022 17:27:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20269.json | 50 ++- 2021/22xxx/CVE-2021-22570.json | 5 + 2021/32xxx/CVE-2021-32025.json | 65 +++- 2021/33xxx/CVE-2021-33851.json | 50 ++- 2021/33xxx/CVE-2021-33852.json | 50 ++- 2021/35xxx/CVE-2021-35251.json | 102 ++++- 2021/36xxx/CVE-2021-36777.json | 4 +- 2021/42xxx/CVE-2021-42786.json | 98 ++++- 2021/42xxx/CVE-2021-42787.json | 98 ++++- 2021/42xxx/CVE-2021-42853.json | 98 ++++- 2021/42xxx/CVE-2021-42854.json | 98 ++++- 2021/42xxx/CVE-2021-42855.json | 98 ++++- 2021/42xxx/CVE-2021-42856.json | 98 ++++- 2021/42xxx/CVE-2021-42857.json | 98 ++++- 2021/44xxx/CVE-2021-44622.json | 56 ++- 2021/44xxx/CVE-2021-44750.json | 86 ++++- 2021/4xxx/CVE-2021-4023.json | 50 ++- 2022/0xxx/CVE-2022-0204.json | 55 ++- 2022/0xxx/CVE-2022-0433.json | 60 ++- 2022/0xxx/CVE-2022-0618.json | 55 ++- 2022/0xxx/CVE-2022-0715.json | 7 +- 2022/0xxx/CVE-2022-0824.json | 171 ++++----- 2022/20xxx/CVE-2022-20047.json | 50 ++- 2022/20xxx/CVE-2022-20048.json | 50 ++- 2022/20xxx/CVE-2022-20049.json | 50 ++- 2022/20xxx/CVE-2022-20050.json | 50 ++- 2022/20xxx/CVE-2022-20051.json | 50 ++- 2022/20xxx/CVE-2022-20053.json | 50 ++- 2022/20xxx/CVE-2022-20054.json | 50 ++- 2022/20xxx/CVE-2022-20055.json | 50 ++- 2022/20xxx/CVE-2022-20056.json | 50 ++- 2022/20xxx/CVE-2022-20057.json | 50 ++- 2022/20xxx/CVE-2022-20058.json | 50 ++- 2022/20xxx/CVE-2022-20059.json | 50 ++- 2022/20xxx/CVE-2022-20060.json | 50 ++- 2022/21xxx/CVE-2022-21967.json | 440 +++++++++++----------- 2022/21xxx/CVE-2022-21973.json | 186 +++++----- 2022/22xxx/CVE-2022-22805.json | 9 +- 2022/22xxx/CVE-2022-22806.json | 9 +- 2022/23xxx/CVE-2022-23265.json | 131 +++---- 2022/23xxx/CVE-2022-23266.json | 131 +++---- 2022/23xxx/CVE-2022-23281.json | 653 +++++++++++++++++---------------- 2022/23xxx/CVE-2022-23299.json | 653 +++++++++++++++++---------------- 2022/24xxx/CVE-2022-24349.json | 7 +- 2022/24xxx/CVE-2022-24397.json | 75 +++- 2022/24xxx/CVE-2022-24407.json | 5 + 2022/24xxx/CVE-2022-24432.json | 95 ++++- 2022/24xxx/CVE-2022-24455.json | 310 ++++++++-------- 2022/24xxx/CVE-2022-24461.json | 215 +++++------ 2022/24xxx/CVE-2022-24509.json | 215 +++++------ 2022/24xxx/CVE-2022-24510.json | 215 +++++------ 2022/25xxx/CVE-2022-25090.json | 66 +++- 2022/25xxx/CVE-2022-25551.json | 56 ++- 2022/25xxx/CVE-2022-25552.json | 56 ++- 2022/25xxx/CVE-2022-25553.json | 56 ++- 2022/25xxx/CVE-2022-25554.json | 56 ++- 2022/25xxx/CVE-2022-25555.json | 56 ++- 2022/25xxx/CVE-2022-25556.json | 56 ++- 2022/25xxx/CVE-2022-25557.json | 56 ++- 2022/25xxx/CVE-2022-25558.json | 56 ++- 2022/25xxx/CVE-2022-25560.json | 56 ++- 2022/25xxx/CVE-2022-25561.json | 56 ++- 2022/25xxx/CVE-2022-25566.json | 56 ++- 2022/26xxx/CVE-2022-26487.json | 72 +--- 2022/26xxx/CVE-2022-26780.json | 18 + 2022/26xxx/CVE-2022-26781.json | 18 + 2022/26xxx/CVE-2022-26782.json | 18 + 2022/26xxx/CVE-2022-26784.json | 18 + 2022/26xxx/CVE-2022-26787.json | 18 + 2022/26xxx/CVE-2022-26793.json | 18 + 2022/26xxx/CVE-2022-26794.json | 18 + 2022/26xxx/CVE-2022-26796.json | 18 + 2022/26xxx/CVE-2022-26797.json | 18 + 2022/26xxx/CVE-2022-26800.json | 18 + 2022/26xxx/CVE-2022-26802.json | 18 + 2022/26xxx/CVE-2022-26804.json | 18 + 2022/26xxx/CVE-2022-26805.json | 18 + 2022/26xxx/CVE-2022-26806.json | 18 + 2022/26xxx/CVE-2022-26808.json | 18 + 2022/26xxx/CVE-2022-26810.json | 18 + 2022/26xxx/CVE-2022-26814.json | 18 + 2022/26xxx/CVE-2022-26826.json | 18 + 2022/26xxx/CVE-2022-26829.json | 18 + 83 files changed, 4737 insertions(+), 1910 deletions(-) create mode 100644 2022/26xxx/CVE-2022-26780.json create mode 100644 2022/26xxx/CVE-2022-26781.json create mode 100644 2022/26xxx/CVE-2022-26782.json create mode 100644 2022/26xxx/CVE-2022-26784.json create mode 100644 2022/26xxx/CVE-2022-26787.json create mode 100644 2022/26xxx/CVE-2022-26793.json create mode 100644 2022/26xxx/CVE-2022-26794.json create mode 100644 2022/26xxx/CVE-2022-26796.json create mode 100644 2022/26xxx/CVE-2022-26797.json create mode 100644 2022/26xxx/CVE-2022-26800.json create mode 100644 2022/26xxx/CVE-2022-26802.json create mode 100644 2022/26xxx/CVE-2022-26804.json create mode 100644 2022/26xxx/CVE-2022-26805.json create mode 100644 2022/26xxx/CVE-2022-26806.json create mode 100644 2022/26xxx/CVE-2022-26808.json create mode 100644 2022/26xxx/CVE-2022-26810.json create mode 100644 2022/26xxx/CVE-2022-26814.json create mode 100644 2022/26xxx/CVE-2022-26826.json create mode 100644 2022/26xxx/CVE-2022-26829.json diff --git a/2021/20xxx/CVE-2021-20269.json b/2021/20xxx/CVE-2021-20269.json index 6358a7ca5bc..713073b3090 100644 --- a/2021/20xxx/CVE-2021-20269.json +++ b/2021/20xxx/CVE-2021-20269.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kexec-tools", + "version": { + "version_data": [ + { + "version_value": "Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47." } ] } diff --git a/2021/22xxx/CVE-2021-22570.json b/2021/22xxx/CVE-2021-22570.json index 7e83e672874..702926eea9f 100644 --- a/2021/22xxx/CVE-2021-22570.json +++ b/2021/22xxx/CVE-2021-22570.json @@ -87,6 +87,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-2d3e6eb9e4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fedff53e4e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/" } ] }, diff --git a/2021/32xxx/CVE-2021-32025.json b/2021/32xxx/CVE-2021-32025.json index 33d8f356534..ea66202a9a9 100644 --- a/2021/32xxx/CVE-2021-32025.json +++ b/2021/32xxx/CVE-2021-32025.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@blackberry.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)", + "version": { + "version_data": [ + { + "version_value": "QNX SDP 6.4.0 to 7.0" + }, + { + "version_value": "QNX Momentics all 6.3.x versions" + }, + { + "version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262" + }, + { + "version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262" + }, + { + "version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304" + }, + { + "version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system." } ] } diff --git a/2021/33xxx/CVE-2021-33851.json b/2021/33xxx/CVE-2021-33851.json index 94ab0e42e56..2ec9232d770 100644 --- a/2021/33xxx/CVE-2021-33851.json +++ b/2021/33xxx/CVE-2021-33851.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclose@cybersecurityworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WordPress Customize Login Image Plugin", + "version": { + "version_data": [ + { + "version_value": "Version 3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user opens the login page of the WordPress application." } ] } diff --git a/2021/33xxx/CVE-2021-33852.json b/2021/33xxx/CVE-2021-33852.json index f0a87357f10..4fb2a71336a 100644 --- a/2021/33xxx/CVE-2021-33852.json +++ b/2021/33xxx/CVE-2021-33852.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclose@cybersecurityworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WordPress Post Duplicator Plugin", + "version": { + "version_data": [ + { + "version_value": "Version 2.23" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2021-33852-stored-cross-site-scripting-in-wordpress-post-duplicator-plugin-2-23.html", + "url": "https://cybersecurityworks.com/zerodays/cve-2021-33852-stored-cross-site-scripting-in-wordpress-post-duplicator-plugin-2-23.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a user\u2019s browser while the browser is connected to a trusted website. The application targets your application\u2019s users and not the application itself, but it uses your application as the vehicle for the attack. The XSS payload executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts." } ] } diff --git a/2021/35xxx/CVE-2021-35251.json b/2021/35xxx/CVE-2021-35251.json index 8633d464d14..30379e212ea 100644 --- a/2021/35xxx/CVE-2021-35251.json +++ b/2021/35xxx/CVE-2021-35251.json @@ -1,18 +1,108 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@solarwinds.com", + "DATE_PUBLIC": "2022-03-07T20:53:00.000Z", "ID": "CVE-2021-35251", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Sensitive Data Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Help Desk ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.7.7 HF 1 and Previous Versions ", + "version_value": "12.7.8 " + } + ] + } + } + ] + }, + "vendor_name": "SolarWinds " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "SolarWinds would like to thank for Anthony Meluso reporting this vulnerability. " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Information Exposure Through an Error Message" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251" + }, + { + "refsource": "MISC", + "url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm", + "name": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "SolarWinds advises to upgrade to the latest version of Web Help Desk\n(WHD 12.7.8). " + } + ], + "source": { + "defect": [ + "CVE-2021-35251" + ], + "discovery": "USER" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36777.json b/2021/36xxx/CVE-2021-36777.json index 81f9f3dc039..2ddba44eb81 100644 --- a/2021/36xxx/CVE-2021-36777.json +++ b/2021/36xxx/CVE-2021-36777.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2022-02-23T00:00:00.000Z", "ID": "CVE-2021-36777", "STATE": "PUBLIC", @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server.\nThis issue affects:\nopenSUSE Build service\nlogin-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef." + "value": "A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef." } ] }, diff --git a/2021/42xxx/CVE-2021-42786.json b/2021/42xxx/CVE-2021-42786.json index ab014b65a4d..8b6c7dcc1cf 100644 --- a/2021/42xxx/CVE-2021-42786.json +++ b/2021/42xxx/CVE-2021-42786.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Remote Code Execution at AgentControllerServlet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42787.json b/2021/42xxx/CVE-2021-42787.json index c98b80dd7e2..46a055126a2 100644 --- a/2021/42xxx/CVE-2021-42787.json +++ b/2021/42xxx/CVE-2021-42787.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/configuration\" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Write-Delete-Partial-Read-at-AgentConfigurationServlet-CVE-2021-42787" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42853.json b/2021/42xxx/CVE-2021-42853.json index 02ed42ae78b..798a13afe59 100644 --- a/2021/42xxx/CVE-2021-42853.json +++ b/2021/42xxx/CVE-2021-42853.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal Delete/Read at AgentDiagnosticServlet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the \"/api/appInternals/1.0/agent/diagnostic/logs\" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42854.json b/2021/42xxx/CVE-2021-42854.json index 252f181d37c..279cb7eb8ee 100644 --- a/2021/42xxx/CVE-2021-42854.json +++ b/2021/42xxx/CVE-2021-42854.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal Read/Write/Delete at PluginServlet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/plugin/pmx\" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Read-Write-Delete-at-PluginServlet-CVE-2021-42854" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42855.json b/2021/42xxx/CVE-2021-42855.json index 2fd2975f666..a265d09384d 100644 --- a/2021/42xxx/CVE-2021-42855.json +++ b/2021/42xxx/CVE-2021-42855.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation due to misconfigured write permission on .debug_command.config file" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the \".debug_command.config\" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the \"/api/appInternals/1.0/agent/configuration\" API to map the corresponding ID to a command to be executed." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42856.json b/2021/42xxx/CVE-2021-42856.json index 1947eb25889..6890496bf96 100644 --- a/2021/42xxx/CVE-2021-42856.json +++ b/2021/42xxx/CVE-2021-42856.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected Cross-site Scripting at DsaDataTest" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42857.json b/2021/42xxx/CVE-2021-42857.json index 97285690af1..dd7036bd587 100644 --- a/2021/42xxx/CVE-2021-42857.json +++ b/2021/42xxx/CVE-2021-42857.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve_disclosure@tech.gov.sg", + "DATE_PUBLIC": "2022-02-23T10:30:00.000Z", "ID": "CVE-2021-42857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal Partial Write at AgentDaServlet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SteelCentral AppInternals Dynamic Sampling Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.13.0", + "version_value": "12.13.0" + }, + { + "version_affected": "<", + "version_name": "11.8.8", + "version_value": "11.8.8" + }, + { + "version_affected": "=", + "version_name": "10.x", + "version_value": "10.x" + } + ] + } + } + ] + }, + "vendor_name": "Aternity" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the \"/api/appInternals/1.0/agent/da/pcf\" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857", + "refsource": "CONFIRM", + "url": "https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Partial-Write-at-AgentDaServlet-CVE-2021-42857" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44622.json b/2021/44xxx/CVE-2021-44622.json index d3318441bf2..5c545a8cc2f 100644 --- a/2021/44xxx/CVE-2021-44622.json +++ b/2021/44xxx/CVE-2021-44622.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-44622", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-44622", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Yu3H0/IoT_CVE/tree/main/886N/chkRegVeriRegister", + "refsource": "MISC", + "name": "https://github.com/Yu3H0/IoT_CVE/tree/main/886N/chkRegVeriRegister" } ] } diff --git a/2021/44xxx/CVE-2021-44750.json b/2021/44xxx/CVE-2021-44750.json index 5e62c5ada31..183b8094a26 100644 --- a/2021/44xxx/CVE-2021-44750.json +++ b/2021/44xxx/CVE-2021-44750.json @@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-44750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure Elements Agent, F-Secure MDR, F-Secure Client Security, F-Secure Server Security, F-Secure Email and Server Security, F-Secure Freedome VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security / Anti-Virus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Version " + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "MITIGATION FACTOR\nUser interaction is required prior to exploitation. Administrative privileges is required to run arbitrary commands in the system." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4023.json b/2021/4xxx/CVE-2021-4023.json index 172fe1f0bcb..3a122d67a6b 100644 --- a/2021/4xxx/CVE-2021-4023.json +++ b/2021/4xxx/CVE-2021-4023.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel versions prior to 5.15-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2026484", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026484" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system." } ] } diff --git a/2022/0xxx/CVE-2022-0204.json b/2022/0xxx/CVE-2022-0204.json index 78a54f177b5..fcbad31a5c5 100644 --- a/2022/0xxx/CVE-2022-0204.json +++ b/2022/0xxx/CVE-2022-0204.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "bluez", + "version": { + "version_data": [ + { + "version_value": "bluez versions prior to 5.63" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807" + }, + { + "refsource": "MISC", + "name": "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", + "url": "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service." } ] } diff --git a/2022/0xxx/CVE-2022-0433.json b/2022/0xxx/CVE-2022-0433.json index 2daa2cf0845..c6729e9c579 100644 --- a/2022/0xxx/CVE-2022-0433.json +++ b/2022/0xxx/CVE-2022-0433.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel versions prior to 5.17-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2048259", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048259" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=3ccdcee28415c4226de05438b4d89eb5514edf73", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=3ccdcee28415c4226de05438b4d89eb5514edf73" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/bpf/1640776802-22421-1-git-send-email-tcs.kernel@gmail.com/t/", + "url": "https://lore.kernel.org/bpf/1640776802-22421-1-git-send-email-tcs.kernel@gmail.com/t/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1." } ] } diff --git a/2022/0xxx/CVE-2022-0618.json b/2022/0xxx/CVE-2022-0618.json index aeb7d21690f..858e57474d8 100644 --- a/2022/0xxx/CVE-2022-0618.json +++ b/2022/0xxx/CVE-2022-0618.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@forums.swift.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Swift Project", + "product": { + "product_data": [ + { + "product_name": "SwiftNIO HTTP2", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0.0" + }, + { + "version_affected": "<=", + "version_value": "1.19.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-130: Improper Handling of Length Parameter Inconsistency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-q36x-r5x4-h4q6", + "refsource": "MISC", + "name": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-q36x-r5x4-h4q6" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz." } ] } diff --git a/2022/0xxx/CVE-2022-0715.json b/2022/0xxx/CVE-2022-0715.json index c10eec56a69..4b62e690eb0 100644 --- a/2022/0xxx/CVE-2022-0715.json +++ b/2022/0xxx/CVE-2022-0715.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cybersecurity@se.com", + "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-0715", "STATE": "PUBLIC" }, @@ -90,8 +90,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" + "refsource": "MISC", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" } ] }, diff --git a/2022/0xxx/CVE-2022-0824.json b/2022/0xxx/CVE-2022-0824.json index 39fcaf7426f..8f87d7650e8 100644 --- a/2022/0xxx/CVE-2022-0824.json +++ b/2022/0xxx/CVE-2022-0824.json @@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0824", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control to Remote Code Execution in webmin/webmin" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "webmin/webmin", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.990" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0824", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control to Remote Code Execution in webmin/webmin" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "webmin/webmin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.990" + } + ] + } + } + ] + }, + "vendor_name": "webmin" } - } ] - }, - "vendor_name": "webmin" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" - }, - { - "name": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38", - "refsource": "MISC", - "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" - } - ] - }, - "source": { - "advisory": "d0049a96-de90-4b1a-9111-94de1044f295", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" + }, + { + "name": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38", + "refsource": "MISC", + "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" + } + ] + }, + "source": { + "advisory": "d0049a96-de90-4b1a-9111-94de1044f295", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20047.json b/2022/20xxx/CVE-2022-20047.json index c5cb3195b60..233b333fc7c 100644 --- a/2022/20xxx/CVE-2022-20047.json +++ b/2022/20xxx/CVE-2022-20047.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489." } ] } diff --git a/2022/20xxx/CVE-2022-20048.json b/2022/20xxx/CVE-2022-20048.json index 864e856bb16..79d296ff0ee 100644 --- a/2022/20xxx/CVE-2022-20048.json +++ b/2022/20xxx/CVE-2022-20048.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502." } ] } diff --git a/2022/20xxx/CVE-2022-20049.json b/2022/20xxx/CVE-2022-20049.json index 52e5776b747..34dd3d5c1e7 100644 --- a/2022/20xxx/CVE-2022-20049.json +++ b/2022/20xxx/CVE-2022-20049.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6779, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8788", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679." } ] } diff --git a/2022/20xxx/CVE-2022-20050.json b/2022/20xxx/CVE-2022-20050.json index 085a41c8e99..066f923efed 100644 --- a/2022/20xxx/CVE-2022-20050.json +++ b/2022/20xxx/CVE-2022-20050.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8696, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038." } ] } diff --git a/2022/20xxx/CVE-2022-20051.json b/2022/20xxx/CVE-2022-20051.json index d6e7b709a70..097f712beb6 100644 --- a/2022/20xxx/CVE-2022-20051.json +++ b/2022/20xxx/CVE-2022-20051.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127." } ] } diff --git a/2022/20xxx/CVE-2022-20053.json b/2022/20xxx/CVE-2022-20053.json index 6ab31d43cc8..5e4bf20ede7 100644 --- a/2022/20xxx/CVE-2022-20053.json +++ b/2022/20xxx/CVE-2022-20053.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 9.0, 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097." } ] } diff --git a/2022/20xxx/CVE-2022-20054.json b/2022/20xxx/CVE-2022-20054.json index b7570c5f5f5..051c710b3e4 100644 --- a/2022/20xxx/CVE-2022-20054.json +++ b/2022/20xxx/CVE-2022-20054.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6750, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 9.0, 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083." } ] } diff --git a/2022/20xxx/CVE-2022-20055.json b/2022/20xxx/CVE-2022-20055.json index d046a3d4f89..e478afe7fa8 100644 --- a/2022/20xxx/CVE-2022-20055.json +++ b/2022/20xxx/CVE-2022-20055.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830." } ] } diff --git a/2022/20xxx/CVE-2022-20056.json b/2022/20xxx/CVE-2022-20056.json index 3760a210af2..4dd613ef7ab 100644 --- a/2022/20xxx/CVE-2022-20056.json +++ b/2022/20xxx/CVE-2022-20056.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820." } ] } diff --git a/2022/20xxx/CVE-2022-20057.json b/2022/20xxx/CVE-2022-20057.json index 953dc4010be..9dc1263c5f2 100644 --- a/2022/20xxx/CVE-2022-20057.json +++ b/2022/20xxx/CVE-2022-20057.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6739, MT6758, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6883, MT6893, MT8163, MT8167, MT8168, MT8173, MT8362A, MT8365", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186." } ] } diff --git a/2022/20xxx/CVE-2022-20058.json b/2022/20xxx/CVE-2022-20058.json index 14056659c72..b26841388b7 100644 --- a/2022/20xxx/CVE-2022-20058.json +++ b/2022/20xxx/CVE-2022-20058.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485." } ] } diff --git a/2022/20xxx/CVE-2022-20059.json b/2022/20xxx/CVE-2022-20059.json index eb6257a0552..a4a18f370a4 100644 --- a/2022/20xxx/CVE-2022-20059.json +++ b/2022/20xxx/CVE-2022-20059.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781." } ] } diff --git a/2022/20xxx/CVE-2022-20060.json b/2022/20xxx/CVE-2022-20060.json index e2a95acab60..fbaa5f28652 100644 --- a/2022/20xxx/CVE-2022-20060.json +++ b/2022/20xxx/CVE-2022-20060.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 10.0, 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/March-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/March-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462." } ] } diff --git a/2022/21xxx/CVE-2022-21967.json b/2022/21xxx/CVE-2022-21967.json index fe1cf362d30..ec7ebe5573c 100644 --- a/2022/21xxx/CVE-2022-21967.json +++ b/2022/21xxx/CVE-2022-21967.json @@ -1,226 +1,228 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-21967", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-21967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21967" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.0", - "temporalScore": "6.1", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21967", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21967" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.0", + "temporalScore": "6.1", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21973.json b/2022/21xxx/CVE-2022-21973.json index 63f5decdb1a..ac077289664 100644 --- a/2022/21xxx/CVE-2022-21973.json +++ b/2022/21xxx/CVE-2022-21973.json @@ -1,99 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-21973", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "7 for 32-bit Systems Service Pack 1" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-21973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Windows Media Center Update Denial of Service Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Center Update Denial of Service Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21973" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", - "baseScore": "5.5", - "temporalScore": "4.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21973", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21973" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", + "baseScore": "5.5", + "temporalScore": "4.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22805.json b/2022/22xxx/CVE-2022-22805.json index 8e496f2860f..c71c0a1b43c 100644 --- a/2022/22xxx/CVE-2022-22805.json +++ b/2022/22xxx/CVE-2022-22805.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cybersecurity@se.com", + "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-22805", "STATE": "PUBLIC" }, @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled.\n\nAffected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)" + "value": "A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)" } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" + "refsource": "MISC", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" } ] }, diff --git a/2022/22xxx/CVE-2022-22806.json b/2022/22xxx/CVE-2022-22806.json index b9ef137ba2d..ae4c27d5c96 100644 --- a/2022/22xxx/CVE-2022-22806.json +++ b/2022/22xxx/CVE-2022-22806.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cybersecurity@se.com", + "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-22806", "STATE": "PUBLIC" }, @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent.\n\nAffected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)" + "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)" } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" + "refsource": "MISC", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02" } ] }, diff --git a/2022/23xxx/CVE-2022-23265.json b/2022/23xxx/CVE-2022-23265.json index 4461db78a79..16fc87f1b7c 100644 --- a/2022/23xxx/CVE-2022-23265.json +++ b/2022/23xxx/CVE-2022-23265.json @@ -1,68 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-23265", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Defender for IoT", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-23265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Defender for IoT", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Microsoft Defender for IoT Remote Code Execution Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Defender for IoT Remote Code Execution Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23265" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", - "baseScore": "7.2", - "temporalScore": "6.7", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23265", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23265" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-495/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-495/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", + "baseScore": "7.2", + "temporalScore": "6.7", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23266.json b/2022/23xxx/CVE-2022-23266.json index 2d2f2d5cd27..a16b240b5ec 100644 --- a/2022/23xxx/CVE-2022-23266.json +++ b/2022/23xxx/CVE-2022-23266.json @@ -1,68 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-23266", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Defender for IoT", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-23266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Defender for IoT", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Microsoft Defender for IoT Elevation of Privilege Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Defender for IoT Elevation of Privilege Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23266" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23266", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23266" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-496/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-496/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23281.json b/2022/23xxx/CVE-2022-23281.json index b709c1ccd1f..3012e10b0f3 100644 --- a/2022/23xxx/CVE-2022-23281.json +++ b/2022/23xxx/CVE-2022-23281.json @@ -1,330 +1,337 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-23281", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-23281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022 Azure Edition Core Hotpatch", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 20H2 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022 Azure Edition Core Hotpatch", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 20H2 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Windows Common Log File System Driver Information Disclosure Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Common Log File System Driver Information Disclosure Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23281" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", - "baseScore": "5.5", - "temporalScore": "4.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23281", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23281" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-497/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-497/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", + "baseScore": "5.5", + "temporalScore": "4.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23299.json b/2022/23xxx/CVE-2022-23299.json index 26ab787e1da..fb8cdd2fd54 100644 --- a/2022/23xxx/CVE-2022-23299.json +++ b/2022/23xxx/CVE-2022-23299.json @@ -1,330 +1,337 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-23299", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-23299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H1 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server 2022 Azure Edition Core Hotpatch", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 20H2 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 11 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H1 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server 2022 Azure Edition Core Hotpatch", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 20H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 20H2 (Server Core Installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 11 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 21H2 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Windows PDEV Elevation of Privilege Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows PDEV Elevation of Privilege Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23299" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23299", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23299" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-493/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-493/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24349.json b/2022/24xxx/CVE-2022-24349.json index 93b46d63b8b..84e40daf957 100644 --- a/2022/24xxx/CVE-2022-24349.json +++ b/2022/24xxx/CVE-2022-24349.json @@ -72,7 +72,7 @@ "description_data": [ { "lang": "eng", - "value": "An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." + "value": "An authenticated user can create a link with reflected XSS payload for actions\u2019 pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim\u2019s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel." } ] }, @@ -110,8 +110,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.zabbix.com/browse/ZBX-20680" + "refsource": "MISC", + "url": "https://support.zabbix.com/browse/ZBX-20680", + "name": "https://support.zabbix.com/browse/ZBX-20680" } ] }, diff --git a/2022/24xxx/CVE-2022-24397.json b/2022/24xxx/CVE-2022-24397.json index ec64c135758..cc25d589757 100644 --- a/2022/24xxx/CVE-2022-24397.json +++ b/2022/24xxx/CVE-2022-24397.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-24397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Enterprise Portal", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.30" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\u2019s web browser." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10", + "refsource": "MISC", + "name": "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3146260", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3146260" } ] } diff --git a/2022/24xxx/CVE-2022-24407.json b/2022/24xxx/CVE-2022-24407.json index a19cba58eab..c4973cecc7d 100644 --- a/2022/24xxx/CVE-2022-24407.json +++ b/2022/24xxx/CVE-2022-24407.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-f9642fab70", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-8cc64f73d0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/" } ] } diff --git a/2022/24xxx/CVE-2022-24432.json b/2022/24xxx/CVE-2022-24432.json index d675faf6ea8..461ee31abd2 100644 --- a/2022/24xxx/CVE-2022-24432.json +++ b/2022/24xxx/CVE-2022-24432.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-03-03T18:40:00.000Z", "ID": "CVE-2022-24432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-062-01 IPCOMM ipDIO" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IPCOMM ipDIO ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "3.9", + "version_value": "3.9" + } + ] + } + } + ] + }, + "vendor_name": "IPCOMM" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21Sec reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "IPCOMM recommends upgrading to its ip4Cloud device, which is the successor to ipDIO. Contact IPCOMM customer support for assistance with the upgrade. For more information, visit the IPCOMM ip4Cloud product page." + } + ], + "source": { + "advisory": "ICSA-22-062-01", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24455.json b/2022/24xxx/CVE-2022-24455.json index 990ad8bce8e..373e714fd84 100644 --- a/2022/24xxx/CVE-2022-24455.json +++ b/2022/24xxx/CVE-2022-24455.json @@ -1,156 +1,168 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-24455", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-24455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Windows CD-ROM Driver Elevation of Privilege Vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows CD-ROM Driver Elevation of Privilege Vulnerability." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24455" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24455", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24455" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-499/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-499/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-498/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-498/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24461.json b/2022/24xxx/CVE-2022-24461.json index 3c67334d659..a1a77a2691e 100644 --- a/2022/24xxx/CVE-2022-24461.json +++ b/2022/24xxx/CVE-2022-24461.json @@ -1,111 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-24461", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-24461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24461" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-500/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-500/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24509.json b/2022/24xxx/CVE-2022-24509.json index e61dc6b7133..414d640ae5b 100644 --- a/2022/24xxx/CVE-2022-24509.json +++ b/2022/24xxx/CVE-2022-24509.json @@ -1,111 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-24509", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-24509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24509" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-501/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-501/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24510.json b/2022/24xxx/CVE-2022-24510.json index d6ea2af5dad..1067500ff1a 100644 --- a/2022/24xxx/CVE-2022-24510.json +++ b/2022/24xxx/CVE-2022-24510.json @@ -1,111 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2022-24510", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2022-24510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 64-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Office LTSC 2021 for 32-bit editions", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24510" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-494/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-494/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", + "baseScore": "7.8", + "temporalScore": "6.8", + "version": "3.1" + } } - } -} +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25090.json b/2022/25xxx/CVE-2022-25090.json index b2fac0b5073..f0c0d893e68 100644 --- a/2022/25xxx/CVE-2022-25090.json +++ b/2022/25xxx/CVE-2022-25090.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25090", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25090", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Printix Secure Cloud Print Management 1.3.1035.0 creates a temporary file in directory with insecure permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://printix.com", + "refsource": "MISC", + "name": "http://printix.com" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50812", + "url": "https://www.exploit-db.com/exploits/50812" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166242/Printix-Client-1.3.1106.0-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/166242/Printix-Client-1.3.1106.0-Privilege-Escalation.html" } ] } diff --git a/2022/25xxx/CVE-2022-25551.json b/2022/25xxx/CVE-2022-25551.json index 90810a1ad04..2e1ae2f30ea 100644 --- a/2022/25xxx/CVE-2022-25551.json +++ b/2022/25xxx/CVE-2022-25551.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25551", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25551", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/8", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/8" } ] } diff --git a/2022/25xxx/CVE-2022-25552.json b/2022/25xxx/CVE-2022-25552.json index 686e1a35133..e9209eff8c8 100644 --- a/2022/25xxx/CVE-2022-25552.json +++ b/2022/25xxx/CVE-2022-25552.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25552", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25552", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/3", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/3" } ] } diff --git a/2022/25xxx/CVE-2022-25553.json b/2022/25xxx/CVE-2022-25553.json index 56425c569b3..d33ac469f2a 100644 --- a/2022/25xxx/CVE-2022-25553.json +++ b/2022/25xxx/CVE-2022-25553.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25553", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/7", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/7" } ] } diff --git a/2022/25xxx/CVE-2022-25554.json b/2022/25xxx/CVE-2022-25554.json index 481fef6c2cc..77edbd4501f 100644 --- a/2022/25xxx/CVE-2022-25554.json +++ b/2022/25xxx/CVE-2022-25554.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25554", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/10", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/10" } ] } diff --git a/2022/25xxx/CVE-2022-25555.json b/2022/25xxx/CVE-2022-25555.json index 93e68886a52..8bd5f4abfd7 100644 --- a/2022/25xxx/CVE-2022-25555.json +++ b/2022/25xxx/CVE-2022-25555.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25555", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25555", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/2", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/2" } ] } diff --git a/2022/25xxx/CVE-2022-25556.json b/2022/25xxx/CVE-2022-25556.json index e5cff59027a..a23288f0243 100644 --- a/2022/25xxx/CVE-2022-25556.json +++ b/2022/25xxx/CVE-2022-25556.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25556", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25556", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/6", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/6" } ] } diff --git a/2022/25xxx/CVE-2022-25557.json b/2022/25xxx/CVE-2022-25557.json index 01842821821..5ad05117c0b 100644 --- a/2022/25xxx/CVE-2022-25557.json +++ b/2022/25xxx/CVE-2022-25557.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25557", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/11", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/11" } ] } diff --git a/2022/25xxx/CVE-2022-25558.json b/2022/25xxx/CVE-2022-25558.json index 717c392b112..c25672fd1c0 100644 --- a/2022/25xxx/CVE-2022-25558.json +++ b/2022/25xxx/CVE-2022-25558.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25558", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25558", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/13", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/13" } ] } diff --git a/2022/25xxx/CVE-2022-25560.json b/2022/25xxx/CVE-2022-25560.json index 599b6b33f21..8fd5c4e585e 100644 --- a/2022/25xxx/CVE-2022-25560.json +++ b/2022/25xxx/CVE-2022-25560.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25560", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25560", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/4", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/4" } ] } diff --git a/2022/25xxx/CVE-2022-25561.json b/2022/25xxx/CVE-2022-25561.json index f8f9d6d4216..1e1afa23218 100644 --- a/2022/25xxx/CVE-2022-25561.json +++ b/2022/25xxx/CVE-2022-25561.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25561", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25561", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/5", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/5" } ] } diff --git a/2022/25xxx/CVE-2022-25566.json b/2022/25xxx/CVE-2022-25566.json index 14e38177abd..22283136896 100644 --- a/2022/25xxx/CVE-2022-25566.json +++ b/2022/25xxx/CVE-2022-25566.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25566", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25566", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/12", + "refsource": "MISC", + "name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/12" } ] } diff --git a/2022/26xxx/CVE-2022-26487.json b/2022/26xxx/CVE-2022-26487.json index d98807818e2..a0c0d48a527 100644 --- a/2022/26xxx/CVE-2022-26487.json +++ b/2022/26xxx/CVE-2022-26487.json @@ -1,76 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2022-26487", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26487", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allow remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic)." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0001", - "refsource": "MISC", - "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0001" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:L/PR:N/S:U/UI:N", - "version": "3.1" - } } } \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26780.json b/2022/26xxx/CVE-2022-26780.json new file mode 100644 index 00000000000..aa1cdba858f --- /dev/null +++ b/2022/26xxx/CVE-2022-26780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26781.json b/2022/26xxx/CVE-2022-26781.json new file mode 100644 index 00000000000..2ae5d81be5e --- /dev/null +++ b/2022/26xxx/CVE-2022-26781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26782.json b/2022/26xxx/CVE-2022-26782.json new file mode 100644 index 00000000000..b0db326c3c8 --- /dev/null +++ b/2022/26xxx/CVE-2022-26782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26784.json b/2022/26xxx/CVE-2022-26784.json new file mode 100644 index 00000000000..0c6d6413f0e --- /dev/null +++ b/2022/26xxx/CVE-2022-26784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26787.json b/2022/26xxx/CVE-2022-26787.json new file mode 100644 index 00000000000..77d07be3c3f --- /dev/null +++ b/2022/26xxx/CVE-2022-26787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26793.json b/2022/26xxx/CVE-2022-26793.json new file mode 100644 index 00000000000..15dc97f11a6 --- /dev/null +++ b/2022/26xxx/CVE-2022-26793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26794.json b/2022/26xxx/CVE-2022-26794.json new file mode 100644 index 00000000000..d7eb5f78125 --- /dev/null +++ b/2022/26xxx/CVE-2022-26794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26796.json b/2022/26xxx/CVE-2022-26796.json new file mode 100644 index 00000000000..70f3dc760e5 --- /dev/null +++ b/2022/26xxx/CVE-2022-26796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26797.json b/2022/26xxx/CVE-2022-26797.json new file mode 100644 index 00000000000..b239f237085 --- /dev/null +++ b/2022/26xxx/CVE-2022-26797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26800.json b/2022/26xxx/CVE-2022-26800.json new file mode 100644 index 00000000000..c025a45fb45 --- /dev/null +++ b/2022/26xxx/CVE-2022-26800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26802.json b/2022/26xxx/CVE-2022-26802.json new file mode 100644 index 00000000000..79a03e1eb7f --- /dev/null +++ b/2022/26xxx/CVE-2022-26802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26804.json b/2022/26xxx/CVE-2022-26804.json new file mode 100644 index 00000000000..f0d96706cb0 --- /dev/null +++ b/2022/26xxx/CVE-2022-26804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26805.json b/2022/26xxx/CVE-2022-26805.json new file mode 100644 index 00000000000..ec02b58ab07 --- /dev/null +++ b/2022/26xxx/CVE-2022-26805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26806.json b/2022/26xxx/CVE-2022-26806.json new file mode 100644 index 00000000000..d07a9710d0f --- /dev/null +++ b/2022/26xxx/CVE-2022-26806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26808.json b/2022/26xxx/CVE-2022-26808.json new file mode 100644 index 00000000000..d0659025492 --- /dev/null +++ b/2022/26xxx/CVE-2022-26808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26810.json b/2022/26xxx/CVE-2022-26810.json new file mode 100644 index 00000000000..08b25aebc07 --- /dev/null +++ b/2022/26xxx/CVE-2022-26810.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26814.json b/2022/26xxx/CVE-2022-26814.json new file mode 100644 index 00000000000..aff4e361aae --- /dev/null +++ b/2022/26xxx/CVE-2022-26814.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26814", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26826.json b/2022/26xxx/CVE-2022-26826.json new file mode 100644 index 00000000000..82f5061f24a --- /dev/null +++ b/2022/26xxx/CVE-2022-26826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26829.json b/2022/26xxx/CVE-2022-26829.json new file mode 100644 index 00000000000..a47b44a0fef --- /dev/null +++ b/2022/26xxx/CVE-2022-26829.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26829", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file