diff --git a/2021/43xxx/CVE-2021-43702.json b/2021/43xxx/CVE-2021-43702.json
index 1ae92a39d7e..b0e7603784a 100644
--- a/2021/43xxx/CVE-2021-43702.json
+++ b/2021/43xxx/CVE-2021-43702.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-43702",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-43702",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/",
+ "refsource": "MISC",
+ "name": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch",
+ "url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
 }
 ]
 }
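Review bot: In the CVE-2021-43702 record the new description names the device as `ASUS RT-A88U`, while the first reference URL added in the same hunk points at the `RT-AC88U` product page, so the model string looks like a typo that would defeat product-name matching in scanners and asset inventories. If the reference is the intended product, the value should begin `ASUS RT-AC88U 3.0.0.4.386_45898 is vulnerable to ...`. The `affects` block is filled with `n/a` for vendor, product and version, and `problemtype` with `n/a`, although the description itself states the vendor, firmware version and weakness class. Populating them (for example `"vendor_name": "ASUS"` and CWE-79 for the stored XSS) lets consumers match the record without parsing free text.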
diff --git a/2022/2xxx/CVE-2022-2274.json b/2022/2xxx/CVE-2022-2274.json
index 7f5cf7d7c6e..1b95a73c8b5 100644
--- a/2022/2xxx/CVE-2022-2274.json
+++ b/2022/2xxx/CVE-2022-2274.json
@@ -76,6 +76,11 @@
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345",
 "refsource": "CONFIRM",
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openssl.org/news/secadv/20220705.txt",
+ "url": "https://www.openssl.org/news/secadv/20220705.txt"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30289.json b/2022/30xxx/CVE-2022-30289.json
index 7ae327fd835..ac66b7de058 100644
--- a/2022/30xxx/CVE-2022-30289.json
+++ b/2022/30xxx/CVE-2022-30289.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-30289",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-30289",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/OpenCTI-Platform/opencti/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenCTI-Platform/opencti/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure",
+ "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30330.json b/2022/30xxx/CVE-2022-30330.json
index 3f71c9234e5..038eaeeccad 100644
--- a/2022/30xxx/CVE-2022-30330.json
+++ b/2022/30xxx/CVE-2022-30330.json
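Review bot: Neither reference added in the CVE-2022-30289 hunk identifies the fix: judging by the URLs, one is the project's general `releases` page and the other is ENISA's vulnerability-disclosure topic page. The description bounds the issue as OpenCTI "through 5.2.4", so a reader triaging exposure cannot tell from the record which release remediates it. A link to the specific release, commit or advisory would make the entry actionable. As published, `affects` and `problemtype` are all `n/a` even though the description supplies the product, the version bound and the weakness (stored XSS, CWE-79).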
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware."
+ "value": "In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes."
 }
 ]
 },
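Review bot: The rewritten description for CVE-2022-30330 has a missing space and a stray capital at `7.3.2,Flaws in the supervisor interface`; it should read `before 7.3.2, flaws in the supervisor interface can be exploited ...`. The new value also drops the pointer to `lib/board/supervise.c` and the `svhandler_flash_*` address range checks that the old value carried. It also drops the precondition wording about physical access or victim-installed malicious firmware. Those were the details a defender would use to locate the fix and judge exposure, so consider keeping them alongside the new impact text. The rest of the record lies outside this hunk.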