From 6b7acd477aad863a687e2ae933eff93f80714a7c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Jun 2022 19:01:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/42xxx/CVE-2021-42875.json | 66 ++++++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31023.json | 12 +++---- 2022/32xxx/CVE-2022-32234.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32235.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32236.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32237.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32238.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32239.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32240.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32241.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32242.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32243.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32244.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32245.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32246.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32247.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32248.json | 18 ++++++++++ 2022/32xxx/CVE-2022-32249.json | 18 ++++++++++ 18 files changed, 354 insertions(+), 12 deletions(-) create mode 100644 2022/32xxx/CVE-2022-32234.json create mode 100644 2022/32xxx/CVE-2022-32235.json create mode 100644 2022/32xxx/CVE-2022-32236.json create mode 100644 2022/32xxx/CVE-2022-32237.json create mode 100644 2022/32xxx/CVE-2022-32238.json create mode 100644 2022/32xxx/CVE-2022-32239.json create mode 100644 2022/32xxx/CVE-2022-32240.json create mode 100644 2022/32xxx/CVE-2022-32241.json create mode 100644 2022/32xxx/CVE-2022-32242.json create mode 100644 2022/32xxx/CVE-2022-32243.json create mode 100644 2022/32xxx/CVE-2022-32244.json create mode 100644 2022/32xxx/CVE-2022-32245.json create mode 100644 2022/32xxx/CVE-2022-32246.json create mode 100644 2022/32xxx/CVE-2022-32247.json create mode 100644 2022/32xxx/CVE-2022-32248.json create mode 100644 2022/32xxx/CVE-2022-32249.json diff --git a/2021/42xxx/CVE-2021-42875.json b/2021/42xxx/CVE-2021-42875.json index cfbe575dc9c..f10ddcf5f97 100644 --- a/2021/42xxx/CVE-2021-42875.json +++ b/2021/42xxx/CVE-2021-42875.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42875", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42875", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://ex1200t.com", + "refsource": "MISC", + "name": "http://ex1200t.com" + }, + { + "url": "http://totolink.net", + "refsource": "MISC", + "name": "http://totolink.net" + }, + { + "url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md", + "refsource": "MISC", + "name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md" } ] } diff --git a/2022/31xxx/CVE-2022-31023.json b/2022/31xxx/CVE-2022-31023.json index 89229349d68..4cf2c11fee2 100644 --- a/2022/31xxx/CVE-2022-31023.json +++ b/2022/31xxx/CVE-2022-31023.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production." + "value": "Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production." } ] }, @@ -69,6 +69,11 @@ }, "references": { "reference_data": [ + { + "name": "https://github.com/playframework/playframework/releases/tag/2.8.16", + "refsource": "MISC", + "url": "https://github.com/playframework/playframework/releases/tag/2.8.16" + }, { "name": "https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh", "refsource": "CONFIRM", @@ -78,11 +83,6 @@ "name": "https://github.com/playframework/playframework/pull/11305", "refsource": "MISC", "url": "https://github.com/playframework/playframework/pull/11305" - }, - { - "name": "https://github.com/playframework/playframework/releases/tag/2.8.16", - "refsource": "MISC", - "url": "https://github.com/playframework/playframework/releases/tag/2.8.16" } ] }, diff --git a/2022/32xxx/CVE-2022-32234.json b/2022/32xxx/CVE-2022-32234.json new file mode 100644 index 00000000000..b891a293146 --- /dev/null +++ b/2022/32xxx/CVE-2022-32234.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32235.json b/2022/32xxx/CVE-2022-32235.json new file mode 100644 index 00000000000..a43a9f083b9 --- /dev/null +++ b/2022/32xxx/CVE-2022-32235.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32236.json b/2022/32xxx/CVE-2022-32236.json new file mode 100644 index 00000000000..db3d06cc1ef --- /dev/null +++ b/2022/32xxx/CVE-2022-32236.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32236", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32237.json b/2022/32xxx/CVE-2022-32237.json new file mode 100644 index 00000000000..59c91d55ea2 --- /dev/null +++ b/2022/32xxx/CVE-2022-32237.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32237", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32238.json b/2022/32xxx/CVE-2022-32238.json new file mode 100644 index 00000000000..4b4eb31b1b4 --- /dev/null +++ b/2022/32xxx/CVE-2022-32238.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32238", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32239.json b/2022/32xxx/CVE-2022-32239.json new file mode 100644 index 00000000000..bff6e4841b3 --- /dev/null +++ b/2022/32xxx/CVE-2022-32239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32240.json b/2022/32xxx/CVE-2022-32240.json new file mode 100644 index 00000000000..2c8e970b79a --- /dev/null +++ b/2022/32xxx/CVE-2022-32240.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32240", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32241.json b/2022/32xxx/CVE-2022-32241.json new file mode 100644 index 00000000000..2782fb843ec --- /dev/null +++ b/2022/32xxx/CVE-2022-32241.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32241", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32242.json b/2022/32xxx/CVE-2022-32242.json new file mode 100644 index 00000000000..797d2acaced --- /dev/null +++ b/2022/32xxx/CVE-2022-32242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32243.json b/2022/32xxx/CVE-2022-32243.json new file mode 100644 index 00000000000..e70aad3c980 --- /dev/null +++ b/2022/32xxx/CVE-2022-32243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32244.json b/2022/32xxx/CVE-2022-32244.json new file mode 100644 index 00000000000..6a25cdf26a7 --- /dev/null +++ b/2022/32xxx/CVE-2022-32244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32245.json b/2022/32xxx/CVE-2022-32245.json new file mode 100644 index 00000000000..81d1180777b --- /dev/null +++ b/2022/32xxx/CVE-2022-32245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32246.json b/2022/32xxx/CVE-2022-32246.json new file mode 100644 index 00000000000..e871e23b71f --- /dev/null +++ b/2022/32xxx/CVE-2022-32246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32247.json b/2022/32xxx/CVE-2022-32247.json new file mode 100644 index 00000000000..5f4591b57bf --- /dev/null +++ b/2022/32xxx/CVE-2022-32247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32248.json b/2022/32xxx/CVE-2022-32248.json new file mode 100644 index 00000000000..96978495eaa --- /dev/null +++ b/2022/32xxx/CVE-2022-32248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32249.json b/2022/32xxx/CVE-2022-32249.json new file mode 100644 index 00000000000..f6800e86ec8 --- /dev/null +++ b/2022/32xxx/CVE-2022-32249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file