From 6b97071577447cce1d14497d6f11dbfd87b75330 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 18 Aug 2022 05:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/30xxx/CVE-2021-30070.json | 61 ++++++++++++++++++++++++++++++---- 2021/30xxx/CVE-2021-30071.json | 56 +++++++++++++++++++++++++++---- 2022/35xxx/CVE-2022-35153.json | 61 ++++++++++++++++++++++++++++++---- 2022/35xxx/CVE-2022-35154.json | 56 +++++++++++++++++++++++++++---- 2022/35xxx/CVE-2022-35164.json | 56 +++++++++++++++++++++++++++---- 2022/35xxx/CVE-2022-35165.json | 56 +++++++++++++++++++++++++++---- 2022/35xxx/CVE-2022-35166.json | 56 +++++++++++++++++++++++++++---- 7 files changed, 360 insertions(+), 42 deletions(-) diff --git a/2021/30xxx/CVE-2021-30070.json b/2021/30xxx/CVE-2021-30070.json index aaf4ad062f2..febba2b6885 100644 --- a/2021/30xxx/CVE-2021-30070.json +++ b/2021/30xxx/CVE-2021-30070.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469", + "refsource": "MISC", + "name": "https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469" + }, + { + "url": "https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6", + "refsource": "MISC", + "name": "https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6" } ] } diff --git a/2021/30xxx/CVE-2021-30071.json b/2021/30xxx/CVE-2021-30071.json index dfbd2d67641..cc6e7f6eb3a 100644 --- a/2021/30xxx/CVE-2021-30071.json +++ b/2021/30xxx/CVE-2021-30071.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30071", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e", + "refsource": "MISC", + "name": "https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e" } ] } diff --git a/2022/35xxx/CVE-2022-35153.json b/2022/35xxx/CVE-2022-35153.json index 4c88b399fbd..fae0220ebf7 100644 --- a/2022/35xxx/CVE-2022-35153.json +++ b/2022/35xxx/CVE-2022-35153.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35153", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35153", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28", + "refsource": "MISC", + "name": "https://github.com/fusionpbx/fusionpbx/commit/de22a9121a091e7fedddff22329dd6149dc5ab28" + }, + { + "url": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78", + "refsource": "MISC", + "name": "https://github.com/fusionpbx/fusionpbx/commit/07679fe80dadb08ca23d0fc16c0f832348bfec78" } ] } diff --git a/2022/35xxx/CVE-2022-35154.json b/2022/35xxx/CVE-2022-35154.json index 1235657e1cd..7ee8cd2bc3b 100644 --- a/2022/35xxx/CVE-2022-35154.json +++ b/2022/35xxx/CVE-2022-35154.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35154", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35154", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/secf0ra11/secf0ra11.github.io/blob/main/Shopro_SQL_injection.md", + "refsource": "MISC", + "name": "https://github.com/secf0ra11/secf0ra11.github.io/blob/main/Shopro_SQL_injection.md" } ] } diff --git a/2022/35xxx/CVE-2022-35164.json b/2022/35xxx/CVE-2022-35164.json index ee8d49300e0..bb90038f889 100644 --- a/2022/35xxx/CVE-2022-35164.json +++ b/2022/35xxx/CVE-2022-35164.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35164", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35164", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/497", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/497" } ] } diff --git a/2022/35xxx/CVE-2022-35165.json b/2022/35xxx/CVE-2022-35165.json index 76b5ea91f7e..8d2694fd4fd 100644 --- a/2022/35xxx/CVE-2022-35165.json +++ b/2022/35xxx/CVE-2022-35165.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35165", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35165", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/712", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/712" } ] } diff --git a/2022/35xxx/CVE-2022-35166.json b/2022/35xxx/CVE-2022-35166.json index 1eaaa6cddd8..93aa8107e03 100644 --- a/2022/35xxx/CVE-2022-35166.json +++ b/2022/35xxx/CVE-2022-35166.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35166", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35166", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/thorfdbg/libjpeg/issues/76", + "refsource": "MISC", + "name": "https://github.com/thorfdbg/libjpeg/issues/76" } ] }