diff --git a/2021/43xxx/CVE-2021-43725.json b/2021/43xxx/CVE-2021-43725.json index be89b48a7d8..04308548447 100644 --- a/2021/43xxx/CVE-2021-43725.json +++ b/2021/43xxx/CVE-2021-43725.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-43725", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-43725", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb/issues/718", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/718" + }, + { + "url": "https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1" } ] } diff --git a/2022/0xxx/CVE-2022-0342.json b/2022/0xxx/CVE-2022-0342.json index 5823d5c20f7..5c009c3ddd1 100644 --- a/2022/0xxx/CVE-2022-0342.json +++ b/2022/0xxx/CVE-2022-0342.json @@ -1 +1,109 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2022-0342"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"USG/ZyWALL series firmware","version":{"version_data":[{"version_value":"4.20 through 4.70"}]}},{"product_name":"USG FLEX series firmware","version":{"version_data":[{"version_value":"4.50 through 5.20"}]}},{"product_name":"ATP series firmware","version":{"version_data":[{"version_value":"4.32 through 5.20"}]}},{"product_name":"VPN series firmware","version":{"version_data":[{"version_value":"4.30 through 5.20"}]}},{"product_name":"NSG series firmware","version":{"version_data":[{"version_value":"1.20 through 1.33 Patch 4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-287: Improper Authentication"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml","url":"https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml"}]},"impact":{"cvss":{"baseScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."}]}} +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2022-0342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "USG/ZyWALL series firmware", + "version": { + "version_data": [ + { + "version_value": "4.20 through 4.70" + } + ] + } + }, + { + "product_name": "USG FLEX series firmware", + "version": { + "version_data": [ + { + "version_value": "4.50 through 5.20" + } + ] + } + }, + { + "product_name": "ATP series firmware", + "version": { + "version_data": [ + { + "version_value": "4.32 through 5.20" + } + ] + } + }, + { + "product_name": "VPN series firmware", + "version": { + "version_data": [ + { + "version_value": "4.30 through 5.20" + } + ] + } + }, + { + "product_name": "NSG series firmware", + "version": { + "version_data": [ + { + "version_value": "1.20 through 1.33 Patch 4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml", + "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device." + } + ] + } +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23884.json b/2022/23xxx/CVE-2022-23884.json index 5c8023716dc..6d9640f0188 100644 --- a/2022/23xxx/CVE-2022-23884.json +++ b/2022/23xxx/CVE-2022-23884.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-23884", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-23884", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://s3.bmp.ovh/imgs/2022/01/962e0c75f5969cfb.png", + "refsource": "MISC", + "name": "https://s3.bmp.ovh/imgs/2022/01/962e0c75f5969cfb.png" } ] }