diff --git a/2021/33xxx/CVE-2021-33318.json b/2021/33xxx/CVE-2021-33318.json
index 58e20713055..00de2a182e0 100644
--- a/2021/33xxx/CVE-2021-33318.json
+++ b/2021/33xxx/CVE-2021-33318.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-33318",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-33318",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jchristn/IpMatcher",
+ "refsource": "MISC",
+ "name": "https://github.com/jchristn/IpMatcher"
+ },
+ {
+ "url": "https://github.com/jchristn/WatsonWebserver",
+ "refsource": "MISC",
+ "name": "https://github.com/jchristn/WatsonWebserver"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/kaoudis/advisories/blob/main/0-2021.md",
+ "url": "https://github.com/kaoudis/advisories/blob/main/0-2021.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89",
+ "url": "https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89"
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1718.json b/2022/1xxx/CVE-2022-1718.json
index a2e63348aa2..c2196d769b6 100644
--- a/2022/1xxx/CVE-2022-1718.json
+++ b/2022/1xxx/CVE-2022-1718.json
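Review bot: Every machine-readable field in the published record is left at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), so the affected packages and version bounds exist only in the free-text description. Scanners and SBOM matchers that key on the `affects` block will not associate this CVE with IpMatcher or WatsonWebserver. Consider one `product_data` entry per package using the bounds the description already states, e.g. `"product_name": "IpMatcher"` with `"version_affected": "<="` and `"version_value": "1.0.4.1"`, and likewise WatsonWebserver at 4.1.3. The description's wording suggests `CWE-20 Improper Input Validation` for `problemtype`, which should be confirmed against the linked advisory; the description sentence would also read less ambiguously with each version bound placed directly next to its package name.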
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-1718",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "polonel/trudesk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "polonel"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The trudesk application allows large characters to insert in the input field \"Full Name\" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e"
+ },
+ {
+ "name": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895",
+ "refsource": "MISC",
+ "url": "https://github.com/polonel/trudesk/commit/87e231e04495fb705fe1e03cb56fc4136bafe895"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "1ff8afe4-6ff7-45aa-a652-d8aac7e5be7e",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1719.json b/2022/1xxx/CVE-2022-1719.json
index 58755fba92d..19295dcb065 100644
--- a/2022/1xxx/CVE-2022-1719.json
+++ b/2022/1xxx/CVE-2022-1719.json
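Review bot: The `impact.cvss` block in the CVE-2022-1718 record does not match the issue its description reports. The text describes a denial of service triggered by a crafted HTTP request to the signup form, yet the vector records `"attackVector": "LOCAL"`, `"privilegesRequired": "HIGH"` and HIGH confidentiality and integrity impact (`CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H`); a network-reachable, presumably unauthenticated, availability-only issue would normally carry `AV:N`, `PR:N`, `C:N` and `I:N`, with `baseScore` and `baseSeverity` recomputed to match. The `problemtype` value `CWE-190 Integer Overflow or Wraparound` also looks unsupported by a description about oversized input in a text field; a resource-consumption or input-validation class such as CWE-400 or CWE-20 seems closer, pending confirmation from the linked fix commit. Teams that prioritise on the vector or the CWE would otherwise mis-triage this entry.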
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-1719",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Reflected XSS on ticket filter function in polonel/trudesk"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "polonel/trudesk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "polonel"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. 
This vulnerability is capable of executing a malicious javascript code in web page"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b"
+ },
+ {
+ "name": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0",
+ "refsource": "MISC",
+ "url": "https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "790ba3fd-41e9-4393-8e2f-71161b56279b",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1720.json b/2022/1xxx/CVE-2022-1720.json
index 9ea77e1f939..c8efb99343e 100644
--- a/2022/1xxx/CVE-2022-1720.json
+++ b/2022/1xxx/CVE-2022-1720.json
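Review bot: `"scope": "UNCHANGED"` (`S:U` in the vector) in the CVE-2022-1719 record is unusual for reflected XSS, where the injected script runs in the victim's browser rather than in the vulnerable server component and CVSS v3 scoring normally records `S:C`; `"availabilityImpact": "LOW"` is likewise not something the description supports. If the scope is corrected, `vectorString`, `baseScore` and `baseSeverity` must be recomputed together so the record stays internally consistent. Separately, the description value appears on this page split across two lines between "prior to 1.2.2." and "This vulnerability"; if that is a raw newline inside the JSON string rather than an artefact of how the page was captured, it should become a space or an escaped `\n`, because strict parsers reject unescaped control characters in strings.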
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-1720",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Buffer Over-read in function grab_file_name in vim/vim"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "vim/vim",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.2.4956"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "vim"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-126 Buffer Over-read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8"
+ },
+ {
+ "name": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c",
+ "refsource": "MISC",
+ "url": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "5ccfb386-7eb9-46e5-98e5-243ea4b358a8",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1725.json b/2022/1xxx/CVE-2022-1725.json
index 2ec3b95be23..5b37e668738 100644
--- a/2022/1xxx/CVE-2022-1725.json
+++ b/2022/1xxx/CVE-2022-1725.json
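Review bot: The impact sentence in the CVE-2022-1720 description claims more than either the weakness class or the vector in the same record supports. `CWE-126 Buffer Over-read` is a read past the end of a buffer, whereas "memory modification, and possible remote execution" describes a write primitive and a remote vector, and the record itself carries `"attackVector": "LOCAL"` and `"integrityImpact": "LOW"`. Suggest trimming the sentence to what the linked report demonstrates, likely a crash and possibly disclosure of adjacent memory, to be confirmed against the huntr entry. The CVE-2022-1725 hunk that follows reuses the identical vector (`CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H`) for a NULL pointer dereference, where confidentiality and integrity impact would normally be `NONE`, and its description names no function or trigger; it would benefit from the same cross-check.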
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-1725",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NULL Pointer Dereference in vim/vim"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "vim/vim",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.2.4959"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "vim"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476 NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c"
+ },
+ {
+ "name": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c",
+ "refsource": "MISC",
+ "url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "4363cf07-233e-4d0a-a1d5-c731a400525c",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1731.json b/2022/1xxx/CVE-2022-1731.json
new file mode 100644
index 00000000000..ba149ddc526
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1731.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1731",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1732.json b/2022/1xxx/CVE-2022-1732.json
new file mode 100644
index 00000000000..3bd9543dafc
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1732.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1732",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/27xxx/CVE-2022-27239.json b/2022/27xxx/CVE-2022-27239.json
index d0cc7399309..2d7491c56c4 100644
--- a/2022/27xxx/CVE-2022-27239.json
+++ b/2022/27xxx/CVE-2022-27239.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-34de4f833d",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29869.json b/2022/29xxx/CVE-2022-29869.json
index 3096abc2eed..bd2c3e05f15 100644
--- a/2022/29xxx/CVE-2022-29869.json
+++ b/2022/29xxx/CVE-2022-29869.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-34de4f833d",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30525.json b/2022/30xxx/CVE-2022-30525.json
index ff7508321ab..87969c19b46 100644
--- a/2022/30xxx/CVE-2022-30525.json
+++ b/2022/30xxx/CVE-2022-30525.json
@@ -118,6 +118,16 @@
 "refsource": "CONFIRM",
 "name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml",
 "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html"
 }
 ]
 },
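Review bot: Both added Packet Storm references use `http://` URLs, so anyone following the link from this record to the third-party write-up does so over a plaintext hop that can be altered in transit. If the site serves the same paths over HTTPS, prefer `"url": "https://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html"` and the equivalent for the second entry, keeping `name` in sync with `url`. The hunk shows only the tail of `reference_data`, so whether earlier entries already follow a different convention is not visible here.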