admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-13 16:01:36 +00:00
parent 8ea809fbb5
commit 63ff8e051c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 576 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2021/27xxx/CVE-2021-27505.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-27505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Exposure of Information Through Directory Listing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-548: Exposure of Information Through Directory Listing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "mySCADA recommends users apply update v8.20.0 or later. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}

98
2021/33xxx/CVE-2021-33005.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "mySCADA recommends users apply update v8.20.0 or later. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}

98
2021/33xxx/CVE-2021-33009.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Unrestricted Upload of File with Dangerous Type"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "mySCADA recommends users apply update v8.20.0 or later. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}

98
2021/33xxx/CVE-2021-33013.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "mySCADA recommends users apply update v8.20.0 or later. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}

50
2021/40xxx/CVE-2021-40010.json
View File

@ -1,51 +1,48 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-40010",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"product_name": "HarmonyOS;EMUI;Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
"version_value": "HarmonyOS 2.0"
},
{
"version_value": "EMUI 12.0.0,EMUI 11.0.1,EMUI 11.0.0,EMUI 10.1.1,EMUI 10.1.0,EMUI 10.0.0"
},
{
"version_value": "Magic UI 4.0.0,Magic UI 3.1.1,Magic UI 3.1.0,Magic UI 3.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow "
"value": "Heap overflow vulnerability"
}
]
}
@ -54,9 +51,22 @@
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
"name": "https://consumer.huawei.com/en/support/bulletin/2022/5/",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/5/"
},
{
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202201-0000001194056366",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202201-0000001194056366"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution."
}
]
}

61
2022/22xxx/CVE-2022-22252.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HarmonyOS;EMUI;Magic UI",
"version": {
"version_data": [
{
"version_value": "HarmonyOS 2.0"
},
{
"version_value": "EMUI 12.0.0,EMUI 11.0.1,EMUI 11.0.0,EMUI 10.1.1,EMUI 10.1.0,EMUI 10.0.0"
},
{
"version_value": "Magic UI 4.0.0,Magic UI 3.1.1,Magic UI 3.1.0,Magic UI 3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UAF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/4/",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/4/"
},
{
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability."
}
]
}

86
2022/22xxx/CVE-2022-22258.json
View File

@ -1,86 +1,41 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-22258",
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"product_name": "HarmonyOS;EMUI;Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
"version_value": "HarmonyOS 2.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
"version_value": "EMUI 12.0.0,EMUI 11.0.1,EMUI 11.0.0,EMUI 10.1.1,EMUI 10.1.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
"version_value": "Magic UI 4.0.0,Magic UI 3.1.1,Magic UI 3.1.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -96,14 +51,27 @@
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/4/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/4/"
"name": "https://consumer.huawei.com/en/support/bulletin/2022/4/",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/4/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294"
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294"
},
{
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/5/",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/5/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege."
}
]
}

99
2022/29xxx/CVE-2022-29433.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-05-13T14:27:00.000Z",
"ID": "CVE-2022-29433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Donations (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.8",
"version_value": "1.8"
}
]
}
}
]
},
"vendor_name": "Nicdark"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/nd-donations/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/nd-donations/"
},
{
"name": "https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Deactivate and delete. This plugin has been closed on 2022 February 28th and is not available for download."
}
],
"source": {
"discovery": "EXTERNAL"
}
}