diff --git a/2021/41xxx/CVE-2021-41714.json b/2021/41xxx/CVE-2021-41714.json
index b37ee259ea1..6c10d7574d1 100644
--- a/2021/41xxx/CVE-2021-41714.json
+++ b/2021/41xxx/CVE-2021-41714.json
@@ -1,18 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41714",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41714",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.yuque.com/henry-weply/penetration/fza5hm",
+ "refsource": "MISC",
+ "name": "https://www.yuque.com/henry-weply/penetration/fza5hm"
+ },
+ {
+ "url": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42",
+ "refsource": "MISC",
+ "name": "https://github.com/sdfsky/tipask/blob/c4e6aa9f6017c9664780570016954c0922d203b7/app/Http/Controllers/AttachController.php#L42"
+ },
+ {
+ "url": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69",
+ "refsource": "MISC",
+ "name": "https://github.com/sdfsky/tipask/commit/9b5f13d1708e9a5dc0959cb8a97be1c32b94ca69"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1833.json b/2022/1xxx/CVE-2022-1833.json
new file mode 100644
index 00000000000..0eeafe0e69c
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
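Review bot: In the CVE-2021-41714 record the structured fields stay at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value) although the new description names Tipask < 3.5.9 and an unvalidated attachment path, so consumers that match on `affects` rather than on free text will not tie this entry to the product. The CVE-2022-28932, CVE-2022-29004, CVE-2022-29005 and CVE-2022-30014 hunks publish with the same `n/a` placeholders. The `vectorString` lists its metrics alphabetically; as far as I know CVSS 3.1 allows any order but gives a preferred one, and a consumer validating against that order may reject this value, so I would write `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"`. The description also misspells `information` as `infomation`.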
diff --git a/2022/1xxx/CVE-2022-1834.json b/2022/1xxx/CVE-2022-1834.json
new file mode 100644
index 00000000000..223094ac3ab
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/23xxx/CVE-2022-23626.json b/2022/23xxx/CVE-2022-23626.json
index 4ea7c48ff9a..8d5ffe61b76 100644
--- a/2022/23xxx/CVE-2022-23626.json
+++ b/2022/23xxx/CVE-2022-23626.json
@@ -78,6 +78,11 @@
 "name": "https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef",
 "refsource": "MISC",
 "url": "https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2022/24xxx/CVE-2022-24780.json b/2022/24xxx/CVE-2022-24780.json
index 0fb86e34315..020407647fa 100644
--- a/2022/24xxx/CVE-2022-24780.json
+++ b/2022/24xxx/CVE-2022-24780.json
@@ -93,6 +93,11 @@
 "name": "https://markus-krell.de/itop-template-injection-inside-customer-portal/",
 "refsource": "MISC",
 "url": "https://markus-krell.de/itop-template-injection-inside-customer-portal/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html"
 }
 ]
 },
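Review bot: The reference added to CVE-2022-23626 uses a plain `http://` URL for packetstormsecurity.com in both `name` and `url`, and the CVE-2022-24780 hunk does the same, so anyone following the advisory link is sent over an unauthenticated transport. I would write `"url": "https://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html"` with the matching `name`, and the equivalent for the 167236 entry, assuming the HTTPS form resolves to the same page. The enclosing `reference_data` array starts outside both hunks, so I cannot tell whether other entries in these records have the same scheme.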
diff --git a/2022/27xxx/CVE-2022-27224.json b/2022/27xxx/CVE-2022-27224.json
index 3e8074a7a1b..d5649b22ce1 100644
--- a/2022/27xxx/CVE-2022-27224.json
+++ b/2022/27xxx/CVE-2022-27224.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf",
 "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/",
+ "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
 }
 ]
 }
diff --git a/2022/28xxx/CVE-2022-28932.json b/2022/28xxx/CVE-2022-28932.json
index b891420b191..b4a02cfd475 100644
--- a/2022/28xxx/CVE-2022-28932.json
+++ b/2022/28xxx/CVE-2022-28932.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-28932",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-28932",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DSL-G2452DG HW:T1\\\\tFW:ME_2.00 was discovered to contain insecure permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://d-link.com",
+ "refsource": "MISC",
+ "name": "http://d-link.com"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "url": "http://dsl-g2452dg.com",
+ "refsource": "MISC",
+ "name": "http://dsl-g2452dg.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/1759134370/iot/blob/main/dsl",
+ "url": "https://github.com/1759134370/iot/blob/main/dsl"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29004.json b/2022/29xxx/CVE-2022-29004.json
index 3b5bcffe7d4..0af4a2edead 100644
--- a/2022/29xxx/CVE-2022-29004.json
+++ b/2022/29xxx/CVE-2022-29004.json
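Review bot: The description for CVE-2022-28932 contains `HW:T1\\\\tFW:ME_2.00`, which decodes to literal backslashes followed by `t` rather than a separator, and looks like a tab from the submission that was escaped twice; a space or comma between the hardware and firmware versions would read correctly. Two of the added references, `http://d-link.com` and `http://dsl-g2452dg.com`, point at bare domains rather than an advisory, and the second appears to be derived from the model name, so it may not belong to the vendor at all; the same pattern shows up as `http://online.com` in CVE-2022-29005 and `http://simple.com` in CVE-2022-30014. I would drop those entries and keep the references that lead to the security bulletin and the report. The description also says only "insecure permissions" without naming the affected component, which gives defenders nothing to scope against.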
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29004",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29004",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://phpgurukul.com",
+ "refsource": "MISC",
+ "name": "http://phpgurukul.com"
+ },
+ {
+ "url": "https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt",
+ "url": "https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29005.json b/2022/29xxx/CVE-2022-29005.json
index 8b41aade28a..8b5c430e327 100644
--- a/2022/29xxx/CVE-2022-29005.json
+++ b/2022/29xxx/CVE-2022-29005.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29005",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29005",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/"
+ },
+ {
+ "url": "http://online.com",
+ "refsource": "MISC",
+ "name": "http://online.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt",
+ "url": "https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29009.json b/2022/29xxx/CVE-2022-29009.json
index 30c7f5bf384..381185f4e6a 100644
--- a/2022/29xxx/CVE-2022-29009.json
+++ b/2022/29xxx/CVE-2022-29009.json
@@ -56,6 +56,11 @@
 "url": "https://www.exploit-db.com/exploits/50355",
 "refsource": "MISC",
 "name": "https://www.exploit-db.com/exploits/50355"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt",
+ "url": "https://github.com/sudoninja-noob/CVE-2022-29009/blob/main/CVE-2022-29009.txt"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30014.json b/2022/30xxx/CVE-2022-30014.json
index 76a8c62afb1..e7dd5e45fdd 100644
--- a/2022/30xxx/CVE-2022-30014.json
+++ b/2022/30xxx/CVE-2022-30014.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-30014",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-30014",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://simple.com",
+ "refsource": "MISC",
+ "name": "http://simple.com"
+ },
+ {
+ "url": "http://lumidek.com",
+ "refsource": "MISC",
+ "name": "http://lumidek.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/offsecin/bugsdisclose/blob/main/csrf",
+ "url": "https://github.com/offsecin/bugsdisclose/blob/main/csrf"
 }
 ]
 }