diff --git a/2021/3xxx/CVE-2021-3922.json b/2021/3xxx/CVE-2021-3922.json
index a361c70f9ef..ddc30abb93b 100644
--- a/2021/3xxx/CVE-2021-3922.json
+++ b/2021/3xxx/CVE-2021-3922.json
@@ -79,8 +79,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://support.lenovo.com/us/en/product_security/LEN-75210"
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-75210",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-75210"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3956.json b/2021/3xxx/CVE-2021-3956.json
index 481f69f2f69..e7eb37088e2 100644
--- a/2021/3xxx/CVE-2021-3956.json
+++ b/2021/3xxx/CVE-2021-3956.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed.\nXCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected."
+ "value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
 }
 ]
 },
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-72074",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-72074"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3969.json b/2021/3xxx/CVE-2021-3969.json
index 93e9afd37dc..c9b6a82ecd1 100644
--- a/2021/3xxx/CVE-2021-3969.json
+++ b/2021/3xxx/CVE-2021-3969.json
@@ -79,8 +79,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://support.lenovo.com/us/en/product_security/LEN-75210"
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-75210",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-75210"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42700.json b/2021/42xxx/CVE-2021-42700.json
index 02e1464ac44..f826ebcd7a0 100644
--- a/2021/42xxx/CVE-2021-42700.json
+++ b/2021/42xxx/CVE-2021-42700.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
 "ID": "CVE-2021-42700",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Inkscape Out-of-bounds Read"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Inkscape",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.91"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Inkscape"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42702.json b/2021/42xxx/CVE-2021-42702.json
index 544ad79dc73..d77aa2a2b2b 100644
--- a/2021/42xxx/CVE-2021-42702.json
+++ b/2021/42xxx/CVE-2021-42702.json
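Review bot: The new description gives the affected release as `Inkscape 0.19`, while `version_data` in the same record lists `"version_value": "0.91"`; one of the two is presumably a digit transposition, and the description and the structured field should agree. The same mismatch appears in the CVE-2021-42702 and CVE-2021-42704 hunks, and the CVE-2021-42704 description also reads `to arbitrary execute code`, which looks like it was meant to be `to execute arbitrary code`. Separately, `"version_affected": "="` pins a single release even though the `solution` text says to update to 1.0 or later, so a scanner matching on the structured field would probably not flag other pre-1.0 installs; if the advisory supports it, a range such as `"version_affected": "<", "version_value": "1.0"` would express that.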
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
 "ID": "CVE-2021-42702",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Inkscape Access of Uninitialized Pointer"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Inkscape",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.91"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Inkscape"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inkscape version 0.19 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-824 Access of Uninitialized Pointer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42704.json b/2021/42xxx/CVE-2021-42704.json
index 6d59d7d8b36..68a888d70d1 100644
--- a/2021/42xxx/CVE-2021-42704.json
+++ b/2021/42xxx/CVE-2021-42704.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
 "ID": "CVE-2021-42704",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Inkscape Out-of-bounds Write"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Inkscape",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.91"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Inkscape"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42848.json b/2021/42xxx/CVE-2021-42848.json
index 6cd393b47a3..cf25350d6b3 100644
--- a/2021/42xxx/CVE-2021-42848.json
+++ b/2021/42xxx/CVE-2021-42848.json
@@ -123,8 +123,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
+ "refsource": "MISC",
+ "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42849.json b/2021/42xxx/CVE-2021-42849.json
index 24562cf1c25..b335d41aec2 100644
--- a/2021/42xxx/CVE-2021-42849.json
+++ b/2021/42xxx/CVE-2021-42849.json
@@ -123,8 +123,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
+ "refsource": "MISC",
+ "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42850.json b/2021/42xxx/CVE-2021-42850.json
index 35b44e406b8..70bdba52a3e 100644
--- a/2021/42xxx/CVE-2021-42850.json
+++ b/2021/42xxx/CVE-2021-42850.json
@@ -123,8 +123,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
+ "refsource": "MISC",
+ "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42851.json b/2021/42xxx/CVE-2021-42851.json
index 43caa23eecd..742938b8e6f 100644
--- a/2021/42xxx/CVE-2021-42851.json
+++ b/2021/42xxx/CVE-2021-42851.json
@@ -123,8 +123,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
+ "refsource": "MISC",
+ "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42852.json b/2021/42xxx/CVE-2021-42852.json
index a5290efefa1..aa526778b33 100644
--- a/2021/42xxx/CVE-2021-42852.json
+++ b/2021/42xxx/CVE-2021-42852.json
@@ -123,8 +123,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
+ "refsource": "MISC",
+ "url": "https://iknow.lenovo.com.cn/detail/dc_200017.html",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_200017.html"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0883.json b/2022/0xxx/CVE-2022-0883.json
index e502ea4b161..fa82e80b2cb 100644
--- a/2022/0xxx/CVE-2022-0883.json
+++ b/2022/0xxx/CVE-2022-0883.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@snowsoftware.com",
 "ID": "CVE-2022-0883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Windows Unquoted/Trusted Service Paths"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snow License Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_name": "9",
+ "version_value": "*"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SNOW"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Software One"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-428 Unquoted Search Path or Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
+ "name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Upgrade to SLM SLM 9.20.1 or later"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1110.json b/2022/1xxx/CVE-2022-1110.json
index 50efc879c74..87ee96c4933 100644
--- a/2022/1xxx/CVE-2022-1110.json
+++ b/2022/1xxx/CVE-2022-1110.json
@@ -79,8 +79,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://support.lenovo.com/us/en/product_security/LEN-79452"
+ "refsource": "MISC",
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-79452",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-79452"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1734.json b/2022/1xxx/CVE-2022-1734.json
index 903fcab702b..98d3a0eed1e 100644
--- a/2022/1xxx/CVE-2022-1734.json
+++ b/2022/1xxx/CVE-2022-1734.json
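Review bot: The `version_data` entry for Snow License Manager in the CVE-2022-0883 record (`"version_affected": "=", "version_name": "9", "version_value": "*"`) does not carry the upper bound that the description states (`version 9.x.x prior to 9.20.1`), so a consumer reading only the structured field cannot tell that 9.20.1 is the fixed release. Encoding the bound, for example `"version_affected": "<", "version_name": "9", "version_value": "9.20.1"`, would keep the two in step. The `solution` value also repeats the product abbreviation (`Upgrade to SLM SLM 9.20.1 or later`).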
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1734",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux kernel versions prior to 5.18-rc6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098",
+ "url": "https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine."
 }
 ]
 }
diff --git a/2022/22xxx/CVE-2022-22787.json b/2022/22xxx/CVE-2022-22787.json
index 31592529331..4ddefd3c9eb 100644
--- a/2022/22xxx/CVE-2022-22787.json
+++ b/2022/22xxx/CVE-2022-22787.json
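Review bot: The `affects` block sets `"vendor_name": "n/a"` and puts the whole range into a free-text `version_value` (`Linux kernel versions prior to 5.18-rc6`), which tooling that matches on vendor, product and version cannot evaluate. The CVE-2022-25161, CVE-2022-25162 and CVE-2022-30596 hunks follow the same pattern, with product names and ranges folded into single strings, and CVE-2022-28924 leaves vendor, product and version all as `n/a` although its description names UniverSIS-Students before v1.5.0. Where the assigner has the data, a named vendor plus an operator and a bare version (for instance `"version_affected": "<", "version_value": "5.18-rc6"`) would make these records usable for automated matching. The `problemtype` value here is the bare identifier `CWE-416`; writing it as `CWE-416 Use After Free` would match the style of the other records in this commit.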
@@ -4,15 +4,148 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-22787",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@zoom.us",
+ "DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
+ "TITLE": "Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings",
+ "AKA": "Zoom Video Communications Inc",
+ "STATE": "PUBLIC"
+ },
+ "source": {
+ "defect": [],
+ "advisory": "",
+ "discovery": "USER"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Zoom Video Communications Inc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Client for Meetings for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "",
+ "version_affected": "<",
+ "version_value": "5.10.0",
+ "platform": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom Client for Meetings for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "",
+ "version_affected": "<",
+ "version_value": "5.10.0",
+ "platform": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom Client for Meetings for Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "",
+ "version_affected": "<",
+ "version_value": "5.10.0",
+ "platform": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom Client for Meetings for MacOS",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "",
+ "version_affected": "<",
+ "version_value": "5.10.0",
+ "platform": ""
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom Client for Meetings for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "",
+ "version_affected": "<",
+ "version_value": "5.10.0",
+ "platform": ""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services."
 }
 ]
- }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://explore.zoom.us/en/trust/security/security-bulletin",
+ "name": "https://explore.zoom.us/en/trust/security/security-bulletin"
+ }
+ ]
+ },
+ "configuration": [],
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "exploit": [],
+ "work_around": [],
+ "solution": [],
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ivan Fratric of Google Project Zero"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25161.json b/2022/25xxx/CVE-2022-25161.json
index 88f3bee66f9..8315e002213 100644
--- a/2022/25xxx/CVE-2022-25161.json
+++ b/2022/25xxx/CVE-2022-25161.json
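Review bot: `AKA` in `CVE_data_meta` is set to `Zoom Video Communications Inc`, which repeats `vendor_name`; the field looks intended for an alias of the vulnerability rather than the vendor, so it is probably better omitted here. Several other fields are written as empty placeholders (`"advisory": ""`, `"version_name": ""`, `"platform": ""`, `"solution": []`) even though the description names the fixed version 5.10.0; leaving unused keys out and stating the upgrade in `solution` would give consumers less to special-case. The only reference is the general bulletin index (`https://explore.zoom.us/en/trust/security/security-bulletin`), with nothing in the URL tying it to this CVE, so a link to the specific bulletin entry would be more durable if one exists. The `problemtype` text `Improper Input Validation` matches the name of CWE-20 and could carry that identifier, `"value": "CWE-20 Improper Input Validation"`.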
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-25161",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf",
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://jvn.jp/vu/JVNVU95926817/index.html",
+ "url": "https://jvn.jp/vu/JVNVU95926817/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery."
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25162.json b/2022/25xxx/CVE-2022-25162.json
index 3f5ac258746..3046944ad99 100644
--- a/2022/25xxx/CVE-2022-25162.json
+++ b/2022/25xxx/CVE-2022-25162.json
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-25162",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
+ },
+ {
+ "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf",
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-004_en.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://jvn.jp/vu/JVNVU95926817/index.html",
+ "url": "https://jvn.jp/vu/JVNVU95926817/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets."
 }
 ]
 }
diff --git a/2022/28xxx/CVE-2022-28924.json b/2022/28xxx/CVE-2022-28924.json
index 4d3c7f70711..0c79a95a033 100644
--- a/2022/28xxx/CVE-2022-28924.json
+++ b/2022/28xxx/CVE-2022-28924.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-28924",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-28924",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis",
+ "refsource": "MISC",
+ "name": "https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29445.json b/2022/29xxx/CVE-2022-29445.json
index 47f2b694172..e8b40d3dcee 100644
--- a/2022/29xxx/CVE-2022-29445.json
+++ b/2022/29xxx/CVE-2022-29445.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-05-17T11:20:00.000Z",
 "ID": "CVE-2022-29445",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Popup Box (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.1.2",
+ "version_value": "2.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Wow-Company"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by 0xB9 (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Local File Inclusion (LFI)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/popup-box/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/popup-box/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/popup-box/wordpress-popup-box-plugin-2-1-2-authenticated-local-file-inclusion-lfi-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/popup-box/wordpress-popup-box-plugin-2-1-2-authenticated-local-file-inclusion-lfi-vulnerability"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.2 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30596.json b/2022/30xxx/CVE-2022-30596.json
index 5250d4bd055..adf6d732908 100644
--- a/2022/30xxx/CVE-2022-30596.json
+++ b/2022/30xxx/CVE-2022-30596.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-30596",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects : 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=434578",
+ "url": "https://moodle.org/mod/forum/discuss.php?d=434578"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2083583",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083583"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204",
+ "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk."
 }
 ]
 }