diff --git a/2016/10xxx/CVE-2016-10541.json b/2016/10xxx/CVE-2016-10541.json
index d1b25131b26..6c6749f63b3 100644
--- a/2016/10xxx/CVE-2016-10541.json
+++ b/2016/10xxx/CVE-2016-10541.json
@@ -57,6 +57,11 @@
 "name": "https://nodesecurity.io/advisories/117",
 "refsource": "MISC",
 "url": "https://nodesecurity.io/advisories/117"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-qg8p-v9q4-gh34",
+ "url": "https://github.com/advisories/GHSA-qg8p-v9q4-gh34"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30529.json b/2022/30xxx/CVE-2022-30529.json
index aa5e849b41c..8622de73403 100644
--- a/2022/30xxx/CVE-2022-30529.json
+++ b/2022/30xxx/CVE-2022-30529.json
@@ -5,13 +5,62 @@
 "CVE_data_meta": {
 "ID": "CVE-2022-30529",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/asith-eranga/isic",
+ "url": "https://github.com/asith-eranga/isic"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/killmonday/isic.lk-RCE",
+ "url": "https://github.com/killmonday/isic.lk-RCE"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php."
 }
 ]
 }
diff --git a/2022/33xxx/CVE-2022-33321.json b/2022/33xxx/CVE-2022-33321.json
index a39d68a8eaf..6f2b2acb08e 100644
--- a/2022/33xxx/CVE-2022-33321.json
+++ b/2022/33xxx/CVE-2022-33321.json
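Review bot: The `affects` and `problemtype` blocks added to CVE-2022-30529.json are all `"n/a"`, although the description in the same hunk names the product (asith-eranga ISIC tour booking) and the weakness (arbitrary file upload through the filemanager `dialog.php` and `upload.php`). Tooling that matches on `vendor_name`/`product_name` or groups records by CWE will not associate this record with the product, so triage falls back to free-text search of `description`. I would fill the fields in, e.g. `"vendor_name": "asith-eranga"`, `"product_name": "ISIC tour booking"` and `"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"`. The same placeholder blocks are added in the hunks for CVE-2022-36179, -36180, -40765, -40842, -41223, -41326, -43214, -43215 and -43685, where each description likewise names the product and, for most of them, the weakness class.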
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "ID": "CVE-2022-33321",
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier)",
- "version": {
- "version_data": [
- {
- "version_value": "Wide rande of models/versions of the products listed on the left are affected by this vulnerability.\nAs for the affected products models/versions, see the Mitsubishi Electric's advisory which is listed in [Reference] section."
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Mitsubishi Electric Corporation"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -38,35 +15,65 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-319 Cleartext Transmission of Sensitive Information"
+ "value": "CWE-319 Cleartext Transmission of Sensitive Information",
+ "cweId": "CWE-319"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Wide rande of models/versions of the products listed on the left are affected by this vulnerability.As for the affected products models/versions, see the Mitsubishi Electric's advisory which is listed in [Reference] section.",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
 "url": "https://jvn.jp/vu/JVNVU96767562/index.html",
+ "refsource": "MISC",
 "name": "https://jvn.jp/vu/JVNVU96767562/index.html"
 },
 {
- "refsource": "MISC",
 "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf",
+ "refsource": "MISC",
 "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-010_en.pdf"
+ },
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-010.pdf",
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-010.pdf"
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "source": {
 "discovery": "UNKNOWN"
 }
diff --git a/2022/33xxx/CVE-2022-33322.json b/2022/33xxx/CVE-2022-33322.json
index 0100f466d11..29819c6358c 100644
--- a/2022/33xxx/CVE-2022-33322.json
+++ b/2022/33xxx/CVE-2022-33322.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "ID": "CVE-2022-33322",
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier)",
- "version": {
- "version_data": [
- {
- "version_value": "Wide rande of models/versions of the products listed on the left are affected by this vulnerability.\nAs for the affected products models/versions, see the Mitsubishi Electric's advisory which is listed in [Reference] section."
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Mitsubishi Electric Corporation"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
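Review bot: In the re-added `affects` block of CVE-2022-33321.json (second hunk), `"version_affected": "="` is attached to a prose `version_value` ("Wide rande of models/versions …"), so the record asserts an exact match against a sentence and no consumer can derive an affected version from it. The new string also drops the `\n` that separated the two sentences in the removed version, leaving `vulnerability.As for` fused, and carries over the `rande` typo. Suggested: restore the separator and spelling (`Wide range of … vulnerability. As for …`) and leave `version_affected` off until concrete versions from the vendor advisory are listed. The second hunk of CVE-2022-33322.json adds the same entry.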
@@ -38,35 +15,65 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-79 Cross-site Scripting (XSS)"
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "cweId": "CWE-79"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Wide rande of models/versions of the products listed on the left are affected by this vulnerability.As for the affected products models/versions, see the Mitsubishi Electric's advisory which is listed in [Reference] section.",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
 "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf",
+ "refsource": "MISC",
 "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf"
 },
 {
- "refsource": "MISC",
 "url": "https://jvn.jp/vu/JVNVU96767562/index.html",
+ "refsource": "MISC",
 "name": "https://jvn.jp/vu/JVNVU96767562/index.html"
+ },
+ {
+ "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf",
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf"
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "source": {
 "discovery": "UNKNOWN"
 }
diff --git a/2022/36xxx/CVE-2022-36179.json b/2022/36xxx/CVE-2022-36179.json
index 219936a4e49..37dcedfeea3 100644
--- a/2022/36xxx/CVE-2022-36179.json
+++ b/2022/36xxx/CVE-2022-36179.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-36179",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-36179",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Fusiondirectory 1.3 suffers from Improper Session Handling."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://fusiondirectory.com",
+ "refsource": "MISC",
+ "name": "http://fusiondirectory.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/",
+ "url": "https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/"
 }
 ]
 }
diff --git a/2022/36xxx/CVE-2022-36180.json b/2022/36xxx/CVE-2022-36180.json
index 7019b7b3d88..eaf2543b1e9 100644
--- a/2022/36xxx/CVE-2022-36180.json
+++ b/2022/36xxx/CVE-2022-36180.json
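Review bot: The new `description` value in CVE-2022-36179.json, `Fusiondirectory 1.3 suffers from Improper Session Handling.`, does not say which part of session handling is affected, what an attacker needs, or what the impact is, so the record cannot be prioritised without opening the linked advisory. A sentence summarising the affected behaviour and impact as stated in the yoroi.company reference would make the record usable on its own. The first reference is also recorded as `http://fusiondirectory.com`; if the site serves HTTPS, the `https://` form is the safer link to publish.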
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-36180",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-36180",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://fusiondirectory.com",
+ "refsource": "MISC",
+ "name": "http://fusiondirectory.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/",
+ "url": "https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40765.json b/2022/40xxx/CVE-2022-40765.json
index 09e7bcb5dfd..cac4c57fcf8 100644
--- a/2022/40xxx/CVE-2022-40765.json
+++ b/2022/40xxx/CVE-2022-40765.json
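Review bot: The second URL pattern in the new `description` of CVE-2022-36180.json has mismatched brackets, `plug={Injection]`, while the other two patterns use `[injection]`. As written it is unclear whether the brace belongs to the parameter value or is a typo. If it is the placeholder, `plug=[injection]` keeps the three patterns consistent and makes it plain that `message` and `plug` are the affected parameters.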
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40765",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40765",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40842.json b/2022/40xxx/CVE-2022-40842.json
index d92f405cb55..f0f4bebb3e2 100644
--- a/2022/40xxx/CVE-2022-40842.json
+++ b/2022/40xxx/CVE-2022-40842.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40842",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40842",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ndkadvancedcustomizationfields.com",
+ "refsource": "MISC",
+ "name": "http://ndkadvancedcustomizationfields.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40842/poc.txt",
+ "url": "https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40842/poc.txt"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41223.json b/2022/41xxx/CVE-2022-41223.json
index 67cb3eda271..153d8fa2529 100644
--- a/2022/41xxx/CVE-2022-41223.json
+++ b/2022/41xxx/CVE-2022-41223.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41223",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41223",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41326.json b/2022/41xxx/CVE-2022-41326.json
index 0aefdd0deb6..30a48c7488a 100644
--- a/2022/41xxx/CVE-2022-41326.json
+++ b/2022/41xxx/CVE-2022-41326.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41326",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41326",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0009"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41936.json b/2022/41xxx/CVE-2022-41936.json
index 6d963e9d639..a7e9a64aa08 100644
--- a/2022/41xxx/CVE-2022-41936.json
+++ b/2022/41xxx/CVE-2022-41936.json
@@ -41,7 +41,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds."
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds."
 }
 ]
 },
diff --git a/2022/41xxx/CVE-2022-41940.json b/2022/41xxx/CVE-2022-41940.json
index f24eb2e86a9..c92b3778139 100644
--- a/2022/41xxx/CVE-2022-41940.json
+++ b/2022/41xxx/CVE-2022-41940.json
@@ -38,7 +38,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.\n\n"
+ "value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1."
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43214.json b/2022/43xxx/CVE-2022-43214.json
index f3a249a82e6..83ef2b07217 100644
--- a/2022/43xxx/CVE-2022-43214.json
+++ b/2022/43xxx/CVE-2022-43214.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-43214",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43214",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Qrayyy/CVE/blob/main/Billing%20System%20Project%20v1.0/CVE-2022-43214(sql%20in%20printOrder.php).md",
+ "url": "https://github.com/Qrayyy/CVE/blob/main/Billing%20System%20Project%20v1.0/CVE-2022-43214(sql%20in%20printOrder.php).md"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43215.json b/2022/43xxx/CVE-2022-43215.json
index aba64c5cc42..a3debeff92f 100644
--- a/2022/43xxx/CVE-2022-43215.json
+++ b/2022/43xxx/CVE-2022-43215.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-43215",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43215",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Qrayyy/CVE/blob/main/Billing%20System%20Project%20v1.0/CVE-2022-43215(sql%20in%20getOrderReport.php).md",
+ "url": "https://github.com/Qrayyy/CVE/blob/main/Billing%20System%20Project%20v1.0/CVE-2022-43215(sql%20in%20getOrderReport.php).md"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43685.json b/2022/43xxx/CVE-2022-43685.json
index ba3fc8f347d..28f358caed2 100644
--- a/2022/43xxx/CVE-2022-43685.json
+++ b/2022/43xxx/CVE-2022-43685.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-43685",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43685",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ckan.org/",
+ "refsource": "MISC",
+ "name": "https://ckan.org/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022",
+ "url": "https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022"
 }
 ]
 }
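Review bot: The first sentence of the new `description` in CVE-2022-43685.json has no verb (`CKAN through 2.9.6 account takeovers by unauthenticated users when …`), and it does not name the request or endpoint that accepts the existing user id. Something like `CKAN through 2.9.6 allows account takeover by unauthenticated users when an existing user id is sent via an HTTP POST request.` reads cleanly. If the linked ckan.org post states the affected endpoint, naming it here would help defenders scope log review for unexpected account changes.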