From 6923e488c8374e6126f7075507039b2578ffc859 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 12 Aug 2022 14:43:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2390.json | 12 ++++--- 2022/2xxx/CVE-2022-2503.json | 7 ++-- 2022/2xxx/CVE-2022-2779.json | 14 +++++--- 2022/2xxx/CVE-2022-2787.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2788.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2789.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2790.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2791.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2792.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2793.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2794.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2797.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2798.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2799.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2800.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2801.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2802.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2803.json | 18 ++++++++++ 2022/2xxx/CVE-2022-2804.json | 18 ++++++++++ 2022/37xxx/CVE-2022-37041.json | 61 ++++++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37042.json | 61 ++++++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37043.json | 61 ++++++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37044.json | 61 ++++++++++++++++++++++++++++++---- 2022/38xxx/CVE-2022-38177.json | 18 ++++++++++ 2022/38xxx/CVE-2022-38179.json | 12 ++++--- 2022/38xxx/CVE-2022-38180.json | 12 ++++--- 26 files changed, 560 insertions(+), 47 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2787.json create mode 100644 2022/2xxx/CVE-2022-2788.json create mode 100644 2022/2xxx/CVE-2022-2789.json create mode 100644 2022/2xxx/CVE-2022-2790.json create mode 100644 2022/2xxx/CVE-2022-2791.json create mode 100644 2022/2xxx/CVE-2022-2792.json create mode 100644 2022/2xxx/CVE-2022-2793.json create mode 100644 2022/2xxx/CVE-2022-2794.json create mode 100644 2022/2xxx/CVE-2022-2797.json create mode 100644 2022/2xxx/CVE-2022-2798.json create mode 100644 2022/2xxx/CVE-2022-2799.json create mode 100644 2022/2xxx/CVE-2022-2800.json create mode 100644 2022/2xxx/CVE-2022-2801.json create mode 100644 2022/2xxx/CVE-2022-2802.json create mode 100644 2022/2xxx/CVE-2022-2803.json create mode 100644 2022/2xxx/CVE-2022-2804.json create mode 100644 2022/38xxx/CVE-2022-38177.json diff --git a/2022/2xxx/CVE-2022-2390.json b/2022/2xxx/CVE-2022-2390.json index 9c7fe671939..4bed7dd03cc 100644 --- a/2022/2xxx/CVE-2022-2390.json +++ b/2022/2xxx/CVE-2022-2390.json @@ -74,16 +74,18 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mvnrepository.com/artifact/com.google.android.gms/play-services-basement/18.0.2" + "refsource": "MISC", + "url": "https://developers.google.com/android/guides/releases#may_03_2022", + "name": "https://developers.google.com/android/guides/releases#may_03_2022" }, { - "refsource": "CONFIRM", - "url": "https://developers.google.com/android/guides/releases#may_03_2022" + "refsource": "MISC", + "url": "https://mvnrepository.com/artifact/com.google.android.gms/play-services-basement/18.0.2", + "name": "https://mvnrepository.com/artifact/com.google.android.gms/play-services-basement/18.0.2" } ] }, "source": { "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2503.json b/2022/2xxx/CVE-2022-2503.json index aa4a98a7a70..2798bead12d 100644 --- a/2022/2xxx/CVE-2022-2503.json +++ b/2022/2xxx/CVE-2022-2503.json @@ -74,12 +74,13 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m" + "refsource": "MISC", + "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m", + "name": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m" } ] }, "source": { "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2779.json b/2022/2xxx/CVE-2022-2779.json index c59e58ea67d..06c6d811faa 100644 --- a/2022/2xxx/CVE-2022-2779.json +++ b/2022/2xxx/CVE-2022-2779.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file \/gasmark\/assets\/myimages\/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability." + "value": "A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206173 was assigned to this vulnerability." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/Drun1baby\/CVE_Pentest\/blob\/main\/Gas%20Agency%20Management%20System%20CMS\/images\/oneWorld.png" + "url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png", + "refsource": "MISC", + "name": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png" }, { - "url": "https:\/\/vuldb.com\/?id.206173" + "url": "https://vuldb.com/?id.206173", + "refsource": "MISC", + "name": "https://vuldb.com/?id.206173" } ] } diff --git a/2022/2xxx/CVE-2022-2787.json b/2022/2xxx/CVE-2022-2787.json new file mode 100644 index 00000000000..e727971b937 --- /dev/null +++ b/2022/2xxx/CVE-2022-2787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2788.json b/2022/2xxx/CVE-2022-2788.json new file mode 100644 index 00000000000..563c2c85805 --- /dev/null +++ b/2022/2xxx/CVE-2022-2788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2789.json b/2022/2xxx/CVE-2022-2789.json new file mode 100644 index 00000000000..9e953e0e621 --- /dev/null +++ b/2022/2xxx/CVE-2022-2789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2790.json b/2022/2xxx/CVE-2022-2790.json new file mode 100644 index 00000000000..fb4460876ab --- /dev/null +++ b/2022/2xxx/CVE-2022-2790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2791.json b/2022/2xxx/CVE-2022-2791.json new file mode 100644 index 00000000000..97c165fef00 --- /dev/null +++ b/2022/2xxx/CVE-2022-2791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2792.json b/2022/2xxx/CVE-2022-2792.json new file mode 100644 index 00000000000..ce075536f2b --- /dev/null +++ b/2022/2xxx/CVE-2022-2792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2793.json b/2022/2xxx/CVE-2022-2793.json new file mode 100644 index 00000000000..08490f97244 --- /dev/null +++ b/2022/2xxx/CVE-2022-2793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2794.json b/2022/2xxx/CVE-2022-2794.json new file mode 100644 index 00000000000..f4a49ed4af6 --- /dev/null +++ b/2022/2xxx/CVE-2022-2794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2797.json b/2022/2xxx/CVE-2022-2797.json new file mode 100644 index 00000000000..4edbe9d14ff --- /dev/null +++ b/2022/2xxx/CVE-2022-2797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2798.json b/2022/2xxx/CVE-2022-2798.json new file mode 100644 index 00000000000..a2206f56291 --- /dev/null +++ b/2022/2xxx/CVE-2022-2798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2799.json b/2022/2xxx/CVE-2022-2799.json new file mode 100644 index 00000000000..80d7720631e --- /dev/null +++ b/2022/2xxx/CVE-2022-2799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2800.json b/2022/2xxx/CVE-2022-2800.json new file mode 100644 index 00000000000..b0564a6a67c --- /dev/null +++ b/2022/2xxx/CVE-2022-2800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2801.json b/2022/2xxx/CVE-2022-2801.json new file mode 100644 index 00000000000..1a03b88e2e8 --- /dev/null +++ b/2022/2xxx/CVE-2022-2801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2802.json b/2022/2xxx/CVE-2022-2802.json new file mode 100644 index 00000000000..24806139dfe --- /dev/null +++ b/2022/2xxx/CVE-2022-2802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2803.json b/2022/2xxx/CVE-2022-2803.json new file mode 100644 index 00000000000..c9e9a207c90 --- /dev/null +++ b/2022/2xxx/CVE-2022-2803.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2804.json b/2022/2xxx/CVE-2022-2804.json new file mode 100644 index 00000000000..9e72c023463 --- /dev/null +++ b/2022/2xxx/CVE-2022-2804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37041.json b/2022/37xxx/CVE-2022-37041.json index d776cd3cb8e..151eba1db58 100644 --- a/2022/37xxx/CVE-2022-37041.json +++ b/2022/37xxx/CVE-2022-37041.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" } ] } diff --git a/2022/37xxx/CVE-2022-37042.json b/2022/37xxx/CVE-2022-37042.json index 56e740ebca2..f813617beaf 100644 --- a/2022/37xxx/CVE-2022-37042.json +++ b/2022/37xxx/CVE-2022-37042.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" } ] } diff --git a/2022/37xxx/CVE-2022-37043.json b/2022/37xxx/CVE-2022-37043.json index 13e3059504d..97e12dd6be3 100644 --- a/2022/37xxx/CVE-2022-37043.json +++ b/2022/37xxx/CVE-2022-37043.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37043", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37043", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" } ] } diff --git a/2022/37xxx/CVE-2022-37044.json b/2022/37xxx/CVE-2022-37044.json index 5ff09bf397b..974d4497f4c 100644 --- a/2022/37xxx/CVE-2022-37044.json +++ b/2022/37xxx/CVE-2022-37044.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37044", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37044", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" } ] } diff --git a/2022/38xxx/CVE-2022-38177.json b/2022/38xxx/CVE-2022-38177.json new file mode 100644 index 00000000000..300ba97d3ea --- /dev/null +++ b/2022/38xxx/CVE-2022-38177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38179.json b/2022/38xxx/CVE-2022-38179.json index 8c582b64941..8608b746b50 100644 --- a/2022/38xxx/CVE-2022-38179.json +++ b/2022/38xxx/CVE-2022-38179.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@jetbrains.com", + "ASSIGNER": "security@jetbrains.com", "ID": "CVE-2022-38179", "STATE": "PUBLIC" }, @@ -74,12 +74,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + "refsource": "MISC", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ktorio/ktor/pull/3110" + "refsource": "MISC", + "url": "https://github.com/ktorio/ktor/pull/3110", + "name": "https://github.com/ktorio/ktor/pull/3110" } ] }, diff --git a/2022/38xxx/CVE-2022-38180.json b/2022/38xxx/CVE-2022-38180.json index 7ca865e438c..a2b45a461e7 100644 --- a/2022/38xxx/CVE-2022-38180.json +++ b/2022/38xxx/CVE-2022-38180.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@jetbrains.com", + "ASSIGNER": "security@jetbrains.com", "ID": "CVE-2022-38180", "STATE": "PUBLIC" }, @@ -74,12 +74,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + "refsource": "MISC", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" }, { - "refsource": "CONFIRM", - "url": "https://github.com/ktorio/ktor/pull/3092" + "refsource": "MISC", + "url": "https://github.com/ktorio/ktor/pull/3092", + "name": "https://github.com/ktorio/ktor/pull/3092" } ] },