diff --git a/2021/40xxx/CVE-2021-40660.json b/2021/40xxx/CVE-2021-40660.json index dabe0ad6b01..cbabea65bae 100644 --- a/2021/40xxx/CVE-2021-40660.json +++ b/2021/40xxx/CVE-2021-40660.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40660", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40660", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117", + "refsource": "MISC", + "name": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117" } ] } diff --git a/2022/27xxx/CVE-2022-27889.json b/2022/27xxx/CVE-2022-27889.json index d856a37646b..9764991fa18 100644 --- a/2022/27xxx/CVE-2022-27889.json +++ b/2022/27xxx/CVE-2022-27889.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0.\n\nThis issue affects:\nPalantir Foundry Multipass\nversions prior to 3.647.0." + "value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0." } ] }, @@ -81,8 +81,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md" + "refsource": "MISC", + "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md", + "name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md" } ] }, @@ -90,4 +91,4 @@ "advisory": "PLTRSEC-2022-02", "discovery": "USER" } -} +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31308.json b/2022/31xxx/CVE-2022-31308.json index b206fd074fe..ecfc08061d2 100644 --- a/2022/31xxx/CVE-2022-31308.json +++ b/2022/31xxx/CVE-2022-31308.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31308", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31308", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20AC1200.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20AC1200.md" } ] } diff --git a/2022/31xxx/CVE-2022-31309.json b/2022/31xxx/CVE-2022-31309.json index 0b430c77e1d..7f5e578bf10 100644 --- a/2022/31xxx/CVE-2022-31309.json +++ b/2022/31xxx/CVE-2022-31309.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31309", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31309", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20AC1200_check_live.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20AC1200_check_live.md" } ] } diff --git a/2022/31xxx/CVE-2022-31311.json b/2022/31xxx/CVE-2022-31311.json index 881b59ce359..e221392f400 100644 --- a/2022/31xxx/CVE-2022-31311.json +++ b/2022/31xxx/CVE-2022-31311.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31311", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31311", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/AERIAL%20X%201200_Command%20Execution%20Vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/AERIAL%20X%201200_Command%20Execution%20Vulnerability.md" } ] } diff --git a/2022/31xxx/CVE-2022-31845.json b/2022/31xxx/CVE-2022-31845.json index 5439454160b..4da3fd16b3e 100644 --- a/2022/31xxx/CVE-2022-31845.json +++ b/2022/31xxx/CVE-2022-31845.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31845", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31845", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3__check_live.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3__check_live.md" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30489", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30489" } ] } diff --git a/2022/31xxx/CVE-2022-31846.json b/2022/31xxx/CVE-2022-31846.json index 44cc97f7891..128b3d9d88a 100644 --- a/2022/31xxx/CVE-2022-31846.json +++ b/2022/31xxx/CVE-2022-31846.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31846", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31846", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30489", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30489" + }, + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3__live_mfg.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3__live_mfg.md" } ] } diff --git a/2022/31xxx/CVE-2022-31847.json b/2022/31xxx/CVE-2022-31847.json index 21940a9fa72..001818c2325 100644 --- a/2022/31xxx/CVE-2022-31847.json +++ b/2022/31xxx/CVE-2022-31847.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31847", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31847", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN579%20X3__Sensitive%20information%20leakage.md", + "refsource": "MISC", + "name": "https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN579%20X3__Sensitive%20information%20leakage.md" } ] } diff --git a/2022/32xxx/CVE-2022-32336.json b/2022/32xxx/CVE-2022-32336.json index b0e68d86f4f..6bc7edcf304 100644 --- a/2022/32xxx/CVE-2022-32336.json +++ b/2022/32xxx/CVE-2022-32336.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32336", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32336", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/fast-food-ordering-system/SQLi-6.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/fast-food-ordering-system/SQLi-6.md" } ] }