From 5825581b17e90f9c8d4166e80b74cbad22360a30 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 7 Oct 2022 18:00:29 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/15xxx/CVE-2020-15855.json | 50 +++++++-
2021/40xxx/CVE-2021-40158.json | 2 +-
2021/40xxx/CVE-2021-40159.json | 2 +-
2021/40xxx/CVE-2021-40162.json | 50 +++++++-
2021/40xxx/CVE-2021-40163.json | 50 +++++++-
2021/40xxx/CVE-2021-40164.json | 50 +++++++-
2021/40xxx/CVE-2021-40165.json | 50 +++++++-
2021/40xxx/CVE-2021-40166.json | 50 +++++++-
2022/21xxx/CVE-2022-21936.json | 91 ++++++++++++++-
2022/22xxx/CVE-2022-22480.json | 180 ++++++++++++++---------------
2022/22xxx/CVE-2022-22493.json | 172 +++++++++++++--------------
2022/26xxx/CVE-2022-26376.json | 2 +-
2022/2xxx/CVE-2022-2553.json | 15 ++-
2022/2xxx/CVE-2022-2840.json | 139 +++++++++++-----------
2022/30xxx/CVE-2022-30613.json | 182 ++++++++++++++---------------
2022/34xxx/CVE-2022-34308.json | 204 ++++++++++++++++-----------------
2022/37xxx/CVE-2022-37885.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37886.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37887.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37889.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37890.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37891.json | 65 ++++++++++-
2022/37xxx/CVE-2022-37892.json | 65 ++++++++++-
2022/38xxx/CVE-2022-38784.json | 5 +
2022/39xxx/CVE-2022-39261.json | 10 ++
2022/39xxx/CVE-2022-39264.json | 5 +
2022/3xxx/CVE-2022-3204.json | 5 +
2022/40xxx/CVE-2022-40674.json | 5 +
2022/41xxx/CVE-2022-41291.json | 172 +++++++++++++--------------
2022/41xxx/CVE-2022-41414.json | 56 ++++++++-
2022/41xxx/CVE-2022-41512.json | 56 ++++++++-
2022/41xxx/CVE-2022-41513.json | 56 ++++++++-
2022/41xxx/CVE-2022-41514.json | 56 ++++++++-
2022/41xxx/CVE-2022-41515.json | 56 ++++++++-
2022/42xxx/CVE-2022-42092.json | 56 ++++++++-
35 files changed, 1671 insertions(+), 611 deletions(-)
diff --git a/2020/15xxx/CVE-2020-15855.json b/2020/15xxx/CVE-2020-15855.json
index 52f683d1312..0cf7d82c454 100644
--- a/2020/15xxx/CVE-2020-15855.json +++ b/2020/15xxx/CVE-2020-15855.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "bodhi", + "version": { + "version_data": [ + { + "version_value": "bodhi 5.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pyup.io/packages/pypi/bodhi/changelog#5.6.1", + "url": "https://pyup.io/packages/pypi/bodhi/changelog#5.6.1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1." } ] } diff --git a/2021/40xxx/CVE-2021-40158.json b/2021/40xxx/CVE-2021-40158.json index 8b3f1e5d8ef..4809d9f6a17 100644 --- a/2021/40xxx/CVE-2021-40158.json +++ b/2021/40xxx/CVE-2021-40158.json 
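Review bot: The new `version_value` of `"bodhi 5.6.1"` records as affected the very release that the description in this hunk says carries the fix ("were fixed in Bodhi 5.6.1"), so a consumer matching on the `affects` block would flag the patched release and miss the earlier ones. If the description is right, the entry should express a range, using the `version_affected` field that the CVE-2022-2840 record in this same commit uses, together with `"version_value": "5.6.1"`, and keep the product name out of the version string. `vendor_name` is also left as `"n/a"` even though the product is named.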
@@ -160,7 +160,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arbitrary code" + "value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2021/40xxx/CVE-2021-40159.json b/2021/40xxx/CVE-2021-40159.json index 537453ae9b8..d8c8311cf56 100644 --- a/2021/40xxx/CVE-2021-40159.json +++ b/2021/40xxx/CVE-2021-40159.json @@ -65,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files." + "value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process." } ] } diff --git a/2021/40xxx/CVE-2021-40162.json b/2021/40xxx/CVE-2021-40162.json index f6dc44b226d..b48dff074a1 100644 --- a/2021/40xxx/CVE-2021-40162.json +++ b/2021/40xxx/CVE-2021-40162.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Band Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code." } ] } diff --git a/2021/40xxx/CVE-2021-40163.json b/2021/40xxx/CVE-2021-40163.json index 3ae057772e7..e23b42eb709 100644 --- a/2021/40xxx/CVE-2021-40163.json +++ b/2021/40xxx/CVE-2021-40163.json 
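Review bot: The `problemtype` value `"Out-of-Band Read"` does not match the description in the same hunk, which describes a read beyond allocated boundaries; that is an out-of-bounds read, so the value should be `"Out-of-bounds Read"` (CWE-125 if a CWE id is wanted). The description also writes "TIF" once and "TIFF" afterwards for what appears to be the same format. Separately, `product_name` packs sixteen products into one comma-separated string, `version_value` packs four releases into `"2022, 2021, 2020, 2019"`, and `vendor_name` is `"n/a"`, so tooling that matches on vendor, product or version cannot use the block; one `product_data` entry per product with one `version_data` entry per release would fix that. The same packed `affects` block is repeated in the hunks for CVE-2021-40163, CVE-2021-40164, CVE-2021-40165 and CVE-2021-40166.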
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component." } ] } diff --git a/2021/40xxx/CVE-2021-40164.json b/2021/40xxx/CVE-2021-40164.json index f8b5d1fd0a8..5809517c1a5 100644 --- a/2021/40xxx/CVE-2021-40164.json +++ b/2021/40xxx/CVE-2021-40164.json 
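Review bot: The `problemtype` value `"Memory Corruption "` ends with a trailing space, so an exact-match or grouping query on problem type will treat it as a different category from `"Memory Corruption"`; it should be trimmed to `"value": "Memory Corruption"`. The description attributes the issue to "maliciously crafted DLL files" in an image-processing component, whereas the sibling records in this commit name image formats (TIFF, PICT, TGA, RLC, PNG), so it is worth confirming against the referenced advisory that DLL is the intended file type.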
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40164", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code." } ] } diff --git a/2021/40xxx/CVE-2021-40165.json b/2021/40xxx/CVE-2021-40165.json index 2b3bc609015..3299f81628d 100644 --- a/2021/40xxx/CVE-2021-40165.json +++ b/2021/40xxx/CVE-2021-40165.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40165", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code." } ] } diff --git a/2021/40xxx/CVE-2021-40166.json b/2021/40xxx/CVE-2021-40166.json index cbc3cd71cd6..0d4c7e98c86 100644 --- a/2021/40xxx/CVE-2021-40166.json +++ b/2021/40xxx/CVE-2021-40166.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code." } ] } diff --git a/2022/21xxx/CVE-2022-21936.json b/2022/21xxx/CVE-2022-21936.json index b39bb38b06d..ac962b415a1 100644 --- a/2022/21xxx/CVE-2022-21936.json +++ b/2022/21xxx/CVE-2022-21936.json 
@@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productsecurity@jci.com", + "DATE_PUBLIC": "2022-10-04T18:52:00.000Z", "ID": "CVE-2022-21936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Metasys MVE" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "refsource": "CONFIRM", + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories" + }, + { + "name": "ICS-CERT Advisory", + "refsource": "CERT", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Metasys ADX Server version 12.0 running MVE with patch 12.0.1." + } + ], + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22480.json b/2022/22xxx/CVE-2022-22480.json index 03a46f4ff34..38b7a279a10 100644 --- a/2022/22xxx/CVE-2022-22480.json +++ b/2022/22xxx/CVE-2022-22480.json 
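Review bot: The `affects` block added for CVE-2022-21936 sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, and `problemtype` to `"n/a"`, while the description and `solution` in the same hunk name the product and versions (Metasys ADX Server 12.0 running MVE, fixed by patch 12.0.1). Automated matching against this record will find nothing, so the structured fields should carry what the prose already states, e.g. `"product_name": "Metasys ADX Server"` with `"version_value": "12.0"`. The description reads as an authentication weakness (actions executed without a valid password), so CWE-287 looks like a candidate for `problemtype`, to be confirmed with the assigner. The first reference points at the vendor's advisory index rather than at a specific advisory, which makes the record harder to verify later.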
@@ -1,93 +1,93 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6826695", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6826695 (QRadar SIEM)", - "name" : "https://www.ibm.com/support/pages/node/6826695" - }, - { - "name" : "ibm-qradar-cve202222480-info-disc (225889)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225889" - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2022-22480", - "DATE_PUBLIC" : "2022-10-04T00:00:00", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AC" : "H", - "S" : "U", - "UI" : "N", - "A" : "N", - "PR" : "N", - "AV" : "A", - "C" : "H", - "SCORE" : "5.300" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. 
IBM X-Force ID: 225889.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.4.0" - }, - { - "version_value" : "7.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6826695", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6826695 (QRadar SIEM)", + "name": "https://www.ibm.com/support/pages/node/6826695" + }, + { + "name": "ibm-qradar-cve202222480-info-disc (225889)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225889" } - ] - } - }, - "data_type" : "CVE" -} + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2022-22480", + "DATE_PUBLIC": "2022-10-04T00:00:00", + "STATE": "PUBLIC" + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "AC": "H", + "S": "U", + "UI": "N", + "A": "N", + "PR": "N", + "AV": "A", + "C": "H", + "SCORE": "5.300" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.4.0" + }, + { + "version_value": "7.5.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE" +} \ No newline at end of file 
diff --git a/2022/22xxx/CVE-2022-22493.json b/2022/22xxx/CVE-2022-22493.json index 5ffbb2cb6cf..e42cbf8713a 100644 --- a/2022/22xxx/CVE-2022-22493.json +++ b/2022/22xxx/CVE-2022-22493.json 
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6826727 (WebSphere Automation)", - "name" : "https://www.ibm.com/support/pages/node/6826727", - "url" : "https://www.ibm.com/support/pages/node/6826727", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-websphere-cve202222493-csrf (226449)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/226449", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2022-22493", - "DATE_PUBLIC" : "2022-10-04T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Automation for Cloud Pak for Watson AIOps", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.2" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6826727 (WebSphere Automation)", + "name": "https://www.ibm.com/support/pages/node/6826727", + "url": "https://www.ibm.com/support/pages/node/6826727", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-websphere-cve202222493-csrf (226449)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226449", + "refsource": "XF" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-22493", + "DATE_PUBLIC": "2022-10-04T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "WebSphere Automation for Cloud Pak for Watson AIOps", + "version": { + "version_data": [ + { + "version_value": "1.4.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "A" : "N", - "UI" : "R", - "PR" : "L", - "S" : "U", - "AC" : "L", - "I" : "L", - "SCORE" : "3.500", - "C" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "A": "N", + "UI": "R", + "PR": "L", + "S": "U", + "AC": "L", + "I": "L", + "SCORE": "3.500", + "C": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26376.json b/2022/26xxx/CVE-2022-26376.json index 3b66b45650a..dd30cc51008 100644 --- a/2022/26xxx/CVE-2022-26376.json +++ b/2022/26xxx/CVE-2022-26376.json 
@@ -12,7 +12,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability." + "value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability." } ] }, diff --git a/2022/2xxx/CVE-2022-2553.json b/2022/2xxx/CVE-2022-2553.json index 23b6ba376db..e9a1f28a9b8 100644 --- a/2022/2xxx/CVE-2022-2553.json +++ b/2022/2xxx/CVE-2022-2553.json @@ -11,21 +11,21 @@ "vendor": { "vendor_data": [ { - "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Booth", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7." + "version_value": "n/a" } ] } } ] - } + }, + "vendor_name": "n/a" } ] } @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "CWE-287" + "value": "n/a" } ] } @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e0a87993b8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-6744980220", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/" } ] }, diff --git a/2022/2xxx/CVE-2022-2840.json b/2022/2xxx/CVE-2022-2840.json index 64a1b1288d6..eb1166c4c60 100644 --- a/2022/2xxx/CVE-2022-2840.json +++ b/2022/2xxx/CVE-2022-2840.json 
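Review bot: The first two CVE-2022-2553 hunks replace populated fields with placeholders: `product_name` goes from `"Booth"` to `"n/a"`, the version text naming the vulnerable and fixed Booth builds becomes `"n/a"`, and `problemtype` goes from `"CWE-287"` to `"n/a"`. Nothing else visible in these hunks carries that information, so after this sync the record can no longer be matched by product, version or weakness class. Unless the removal is intentional, the previous values should stay, e.g. `"product_name": "Booth"` and `"value": "CWE-287"`, with only the new FEDORA reference from the third hunk being added.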
@@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2840", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Zephyr Project Manager", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.2.5", - "version_value": "3.2.5" + "CVE_data_meta": { + "ID": "CVE-2022-2840", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Zephyr Project Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.2.5", + "version_value": "3.2.5" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c", - "name": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections" + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Rizacan TUFAN" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c", + "name": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rizacan TUFAN" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/30xxx/CVE-2022-30613.json b/2022/30xxx/CVE-2022-30613.json index 86689bbca79..a1f3f9f363d 100644 --- a/2022/30xxx/CVE-2022-30613.json +++ b/2022/30xxx/CVE-2022-30613.json 
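Review bot: The Packet Storm reference added in this hunk names version 3.2.42 in its title, while the `affects` entry carried through the hunk marks versions below `3.2.5` as affected via `version_affected` and `version_value`. A comparator that treats each dot-separated segment as an integer orders 3.2.42 after 3.2.5 and would report that release as not affected, which appears to contradict the reference. Stating the version scheme, or listing the last affected release explicitly in `version_data`, would remove the ambiguity. The new URL also uses `http://`; if the site serves the same page over TLS, the `https://` form is preferable.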
@@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.4.0" - }, - { - "version_value" : "7.5.0" - } - ] - }, - "product_name" : "QRadar SIEM" - } - ] - } - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "I" : "N", - "AC" : "L", - "S" : "U", - "PR" : "H", - "A" : "N", - "UI" : "N", - "AV" : "L", - "C" : "H", - "SCORE" : "4.400" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.4.0" + }, + { + "version_value": "7.5.0" + } + ] + }, + "product_name": "QRadar SIEM" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6826693", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6826693 (QRadar SIEM)", - "name" : "https://www.ibm.com/support/pages/node/6826693" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227366", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-qradar-cve202230613-info-disc (227366)" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-10-04T00:00:00", - "ID" : "CVE-2022-30613" - }, - "data_format" : "MITRE", - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM 
QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "I": "N", + "AC": "L", + "S": "U", + "PR": "H", + "A": "N", + "UI": "N", + "AV": "L", + "C": "H", + "SCORE": "4.400" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6826693", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6826693 (QRadar SIEM)", + "name": "https://www.ibm.com/support/pages/node/6826693" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227366", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve202230613-info-disc (227366)" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-10-04T00:00:00", + "ID": "CVE-2022-30613" + }, + "data_format": "MITRE", + "data_version": "4.0" +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34308.json b/2022/34xxx/CVE-2022-34308.json index b6b45287a05..6e887892a5d 100644 --- a/2022/34xxx/CVE-2022-34308.json +++ b/2022/34xxx/CVE-2022-34308.json 
@@ -1,106 +1,106 @@ { - "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6826645", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6826645 (CICS TX Advanced)", - "name" : "https://www.ibm.com/support/pages/node/6826645" - }, - { - "title" : "IBM Security Bulletin 6826647 (CICS TX Standard)", - "name" : "https://www.ibm.com/support/pages/node/6826647", - "url" : "https://www.ibm.com/support/pages/node/6826647", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-cics-cve202234308-dos (229437)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/229437" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-10-04T00:00:00", - "ID" : "CVE-2022-34308" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. 
IBM X-Force ID: 229437.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "data_format": "MITRE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "CICS TX Standard", - "version" : { - "version_data" : [ - { - "version_value" : "11.1" - } - ] - } - }, - { - "product_name" : "CICS TX Advanced", - "version" : { - "version_data" : [ - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6826645", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6826645 (CICS TX Advanced)", + "name": "https://www.ibm.com/support/pages/node/6826645" + }, + { + "title": "IBM Security Bulletin 6826647 (CICS TX Standard)", + "name": "https://www.ibm.com/support/pages/node/6826647", + "url": "https://www.ibm.com/support/pages/node/6826647", + "refsource": "CONFIRM" + }, + { + "name": "ibm-cics-cve202234308-dos (229437)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229437" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-10-04T00:00:00", + "ID": "CVE-2022-34308" + }, + "description": { + "description_data": [ + { + "value": "IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. 
IBM X-Force ID: 229437.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CICS TX Standard", + "version": { + "version_data": [ + { + "version_value": "11.1" + } + ] + } + }, + { + "product_name": "CICS TX Advanced", + "version": { + "version_data": [ + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "AC" : "L", - "S" : "U", - "A" : "H", - "UI" : "N", - "PR" : "N", - "AV" : "L", - "C" : "N", - "SCORE" : "6.200" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "AC": "L", + "S": "U", + "A": "H", + "UI": "N", + "PR": "N", + "AV": "L", + "C": "N", + "SCORE": "6.200" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37885.json b/2022/37xxx/CVE-2022-37885.json index 42650218e46..3a79e0b1b85 100644 --- a/2022/37xxx/CVE-2022-37885.json +++ b/2022/37xxx/CVE-2022-37885.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37886.json b/2022/37xxx/CVE-2022-37886.json index e0770441ea1..4109f7f37eb 100644 --- a/2022/37xxx/CVE-2022-37886.json +++ b/2022/37xxx/CVE-2022-37886.json 
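Review bot: The `affects` block added for CVE-2022-37885 cannot be matched by machine: `vendor_name` is `"n/a"` although the assigner is security-alert@hpe.com, the whole access-point family list sits in one `product_name` string, and each `version_value` is free text such as `"Aruba InstantOS 6.5.x: 6.5.4.23 and below"`. The hunks for CVE-2022-37886, -37887, -37889, -37890, -37891 and -37892 have the same shape, so tooling keyed on vendor/product/version will likely miss all seven records, even though their descriptions state unauthenticated remote code execution or stored XSS. I would name the vendor (presumably `"vendor_name": "Aruba Networks"`, to be confirmed against the ARUBA-PSA-2022-014 advisory), give each OS branch its own `product_data` entry, and correct `Aruba InnstantOS` to `Aruba InstantOS` in all seven descriptions. This record alone writes `Aruba Access Points; 100 Series` where the six siblings write `Aruba Access Points: 100 Series`. None of the seven hunks adds an `impact` block, so the state change to PUBLIC carries no CVSS vector.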
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37886", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37887.json b/2022/37xxx/CVE-2022-37887.json index 49fa14d8352..48c83bb7a70 100644 --- a/2022/37xxx/CVE-2022-37887.json +++ b/2022/37xxx/CVE-2022-37887.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37889.json b/2022/37xxx/CVE-2022-37889.json index d14280badbc..91fab307a8b 100644 --- a/2022/37xxx/CVE-2022-37889.json +++ b/2022/37xxx/CVE-2022-37889.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37890.json b/2022/37xxx/CVE-2022-37890.json index d9be9e5c9eb..3a47469ad65 100644 --- a/2022/37xxx/CVE-2022-37890.json +++ b/2022/37xxx/CVE-2022-37890.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. 
Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37891.json b/2022/37xxx/CVE-2022-37891.json index 4f102226f26..e1fa8d6821d 100644 --- a/2022/37xxx/CVE-2022-37891.json +++ b/2022/37xxx/CVE-2022-37891.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. 
Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities." } ] } diff --git a/2022/37xxx/CVE-2022-37892.json b/2022/37xxx/CVE-2022-37892.json index 24f48e68a33..c253efa5303 100644 --- a/2022/37xxx/CVE-2022-37892.json +++ b/2022/37xxx/CVE-2022-37892.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;", + "version": { + "version_data": [ + { + "version_value": "Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below" + }, + { + "version_value": "Aruba InstantOS 6.5.x: 6.5.4.23 and below" + }, + { + "version_value": "Aruba InstantOS 8.6.x: 8.6.0.18 and below" + }, + { + "version_value": "Aruba InstantOS 8.7.x: 8.7.1.9 and below" + }, + { + "version_value": "Aruba InstantOS 8.10.x: 8.10.0.1 and below" + }, + { + "version_value": "ArubaOS 10.3.x: 10.3.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Stored Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability." } ] } diff --git a/2022/38xxx/CVE-2022-38784.json b/2022/38xxx/CVE-2022-38784.json index ae4da9b72b4..f8e8ba3ab58 100644 --- a/2022/38xxx/CVE-2022-38784.json +++ b/2022/38xxx/CVE-2022-38784.json @@ -110,6 +110,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-21", "url": "https://security.gentoo.org/glsa/202209-21" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-f79aa2bae9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/" } ] }, diff --git a/2022/39xxx/CVE-2022-39261.json b/2022/39xxx/CVE-2022-39261.json index b0a91c0a656..2e8a4ec4944 100644 --- a/2022/39xxx/CVE-2022-39261.json +++ b/2022/39xxx/CVE-2022-39261.json 
@@ -104,6 +104,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d39b2a755b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-1695454935", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-9d8ee4a6de", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/" } ] }, diff --git a/2022/39xxx/CVE-2022-39264.json b/2022/39xxx/CVE-2022-39264.json index 34fe6b41e08..e7258a81e43 100644 --- a/2022/39xxx/CVE-2022-39264.json +++ b/2022/39xxx/CVE-2022-39264.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-959b529587", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBOL6OOQGPZD2RLYT4EHAWTFXNIHLYEN/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-1fd94a54a1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TA6A5ADUVAYKD3ZFLF2JPZOTIOFJOEU7/" } ] }, diff --git a/2022/3xxx/CVE-2022-3204.json b/2022/3xxx/CVE-2022-3204.json index fe29bd79d3c..36ab0e5624a 100644 --- a/2022/3xxx/CVE-2022-3204.json +++ b/2022/3xxx/CVE-2022-3204.json @@ -70,6 +70,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-1326d2815c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-164cf7837e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/" } ] } diff --git a/2022/40xxx/CVE-2022-40674.json b/2022/40xxx/CVE-2022-40674.json index bbe47265737..a1516e2565a 100644 
--- a/2022/40xxx/CVE-2022-40674.json +++ b/2022/40xxx/CVE-2022-40674.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-24", "url": "https://security.gentoo.org/glsa/202209-24" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-15ec504440", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" } ] } diff --git a/2022/41xxx/CVE-2022-41291.json b/2022/41xxx/CVE-2022-41291.json index 82e8fdb1ca6..2ae4f982fd3 100644 --- a/2022/41xxx/CVE-2022-41291.json +++ b/2022/41xxx/CVE-2022-41291.json 
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6823109", - "title" : "IBM Security Bulletin 6823109 (InfoSphere Information Server)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6823109" - }, - { - "name" : "ibm-infosphere-cve202241291-session-fixati (236699)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/236699" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2022-41291", - "DATE_PUBLIC" : "2022-10-06T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "name": "https://www.ibm.com/support/pages/node/6823109", + "title": "IBM Security Bulletin 6823109 (InfoSphere Information Server)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6823109" + }, + { + "name": "ibm-infosphere-cve202241291-session-fixati (236699)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236699" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2022-41291", + "DATE_PUBLIC": "2022-10-06T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AC" : "L", - "I" : "L", - "A" : "L", - "UI" : "N", - "PR" : "N", - "AV" : "A", - "C" : "L", - "SCORE" : "6.300" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "AC": "L", + "I": "L", + "A": "L", + "UI": "N", + "PR": "N", + "AV": "A", + "C": "L", + "SCORE": "6.300" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41414.json b/2022/41xxx/CVE-2022-41414.json index a2e6d485129..4fc916b5ee0 100644 --- a/2022/41xxx/CVE-2022-41414.json +++ b/2022/41xxx/CVE-2022-41414.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41414", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41414", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities", + "refsource": "MISC", + "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities" } ] } diff --git a/2022/41xxx/CVE-2022-41512.json b/2022/41xxx/CVE-2022-41512.json index 3b973a14476..072dc511d9e 100644 --- a/2022/41xxx/CVE-2022-41512.json +++ b/2022/41xxx/CVE-2022-41512.json 
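Review bot: The record published for CVE-2022-41414 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all at `"n/a"`, while the description names Liferay Portal v7.0.0 through v7.4.2, so the affected range exists only as prose that asset-matching tools will not parse. The hunks for CVE-2022-41512, CVE-2022-41513 and CVE-2022-41514 have the same gap. For the two SQL injection records the problemtype could read `"value": "CWE-89"`, and for the file upload in CVE-2022-41512 `"value": "CWE-434"`. The only reference in this hunk, `https://portal.liferay.dev/learn/security/known-vulnerabilities`, appears to be a general index page rather than an entry for this CVE, which makes it harder for a defender to confirm the fixed version or the recommended setting for `auth.login.prompt.enabled`.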
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41512", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41512", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-1.md", + "url": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41513.json b/2022/41xxx/CVE-2022-41513.json index 1c3b38e12a6..1c472eb47ea 100644 --- a/2022/41xxx/CVE-2022-41513.json +++ b/2022/41xxx/CVE-2022-41513.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41513",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41513",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/SQLi-1.md",
+ "url": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/SQLi-1.md"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41514.json b/2022/41xxx/CVE-2022-41514.json
index ad70b0625a8..96e291b9c68 100644
--- a/2022/41xxx/CVE-2022-41514.json
+++ b/2022/41xxx/CVE-2022-41514.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41514",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41514",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-1.md",
+ "url": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-1.md"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41515.json b/2022/41xxx/CVE-2022-41515.json
index 902916ef6e9..58bd205cf04 100644
--- a/2022/41xxx/CVE-2022-41515.json
+++ b/2022/41xxx/CVE-2022-41515.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41515",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41515",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-2.md",
+ "url": "https://github.com/TGAyouman/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-2.md"
 }
 ]
 }
diff --git a/2022/42xxx/CVE-2022-42092.json b/2022/42xxx/CVE-2022-42092.json
index 2350ccd629c..debb4b54677 100644
--- a/2022/42xxx/CVE-2022-42092.json
+++ b/2022/42xxx/CVE-2022-42092.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-42092",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-42092",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://grimthereaperteam.medium.com/backdrop-cms-1-22-0-unrestricted-file-upload-themes-ad42a599561c",
+ "refsource": "MISC",
+ "name": "https://grimthereaperteam.medium.com/backdrop-cms-1-22-0-unrestricted-file-upload-themes-ad42a599561c"
 }
 ]
 }
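Review bot: The description added for CVE-2022-42092 is ungrammatical ("allows attackers to Remote Code Execution") and leaves the outcome to be guessed. I would word it as `"value": "Backdrop CMS 1.22.0 has an unrestricted file upload vulnerability via 'themes' that allows attackers to achieve remote code execution."`. The text also does not say what privileges the upload requires, which a defender needs for triage. That detail should be taken from the referenced write-up rather than assumed.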