From 73759c1fc45b24e24fc8947b058039b67ca21d66 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 4 May 2022 18:01:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/1xxx/CVE-2022-1584.json | 83 ++++++++++++++++++++++++++++++---
 2022/20xxx/CVE-2022-20734.json | 4 +-
 2022/20xxx/CVE-2022-20753.json | 4 +-
 2022/20xxx/CVE-2022-20764.json | 4 +-
 2022/20xxx/CVE-2022-20770.json | 4 +-
 2022/20xxx/CVE-2022-20771.json | 4 +-
 2022/20xxx/CVE-2022-20777.json | 4 +-
 2022/20xxx/CVE-2022-20779.json | 4 +-
 2022/20xxx/CVE-2022-20780.json | 4 +-
 2022/20xxx/CVE-2022-20785.json | 4 +-
 2022/20xxx/CVE-2022-20794.json | 4 +-
 2022/20xxx/CVE-2022-20796.json | 4 +-
 2022/20xxx/CVE-2022-20799.json | 4 +-
 2022/20xxx/CVE-2022-20801.json | 4 +-
 2022/24xxx/CVE-2022-24193.json | 2 +-
 2022/25xxx/CVE-2022-25786.json | 84 +++++++++++++++++++++++++++++++---
 2022/27xxx/CVE-2022-27311.json | 5 ++
 2022/29xxx/CVE-2022-29942.json | 61 +++++++++++++++++++++---
 2022/29xxx/CVE-2022-29943.json | 61 +++++++++++++++++++++---
 2022/30xxx/CVE-2022-30239.json | 18 ++++++++
 2022/30xxx/CVE-2022-30240.json | 18 ++++++++
 2022/30xxx/CVE-2022-30241.json | 67 +++++++++++++++++++++++++++
 22 files changed, 400 insertions(+), 51 deletions(-)
 create mode 100644 2022/30xxx/CVE-2022-30239.json
 create mode 100644 2022/30xxx/CVE-2022-30240.json
 create mode 100644 2022/30xxx/CVE-2022-30241.json
diff --git a/2022/1xxx/CVE-2022-1584.json b/2022/1xxx/CVE-2022-1584.json
index 0774c374941..dd23ca65ccd 100644
--- a/2022/1xxx/CVE-2022-1584.json
+++ b/2022/1xxx/CVE-2022-1584.json
@@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected XSS in microweber/microweber" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.16" + } + ] + } + } + ] + }, + "vendor_name": "microweber" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. 
Executing JavaScript as the victim" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d" + }, + { + "name": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c" + } + ] + }, + "source": { + "advisory": "69f4ca67-d615-4f25-b2d1-19df7bf1107d", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20734.json b/2022/20xxx/CVE-2022-20734.json index 536f347ad33..d1ae19d4e09 100644 --- a/2022/20xxx/CVE-2022-20734.json +++ b/2022/20xxx/CVE-2022-20734.json 
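Review bot: The `impact.cvss` block rates this reflected XSS with `"scope": "UNCHANGED"` and `"availabilityImpact": "LOW"`, which is unusual for CWE-79. The CVSS 3.x scoring examples treat script running in the victim's browser as a scope change with no availability impact, so teams that prioritise on the 6.3 `baseScore` should confirm the vector with the assigner before relying on it. The `description` value also ends in a detached fragment after a line break ("Executing JavaScript as the victim"); joining it into the first sentence, for example `... prior to 1.2.16, allowing JavaScript to execute as the victim.`, would read cleanly in downstream feeds.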
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system.\r This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.\r " + "value": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20753.json b/2022/20xxx/CVE-2022-20753.json index 910717cc206..b3c2979311e 100644 --- a/2022/20xxx/CVE-2022-20753.json +++ b/2022/20xxx/CVE-2022-20753.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r " + "value": "A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20764.json b/2022/20xxx/CVE-2022-20764.json index 0fdeabcda17..e2461f6e2b5 100644 --- a/2022/20xxx/CVE-2022-20764.json +++ b/2022/20xxx/CVE-2022-20764.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20770.json b/2022/20xxx/CVE-2022-20770.json index dd7ec5e8cba..f353aa62fb7 100644 --- a/2022/20xxx/CVE-2022-20770.json +++ b/2022/20xxx/CVE-2022-20770.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r " + "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20771.json b/2022/20xxx/CVE-2022-20771.json index ebd0e4d04c1..9ec80f7cf7d 100644 --- a/2022/20xxx/CVE-2022-20771.json +++ b/2022/20xxx/CVE-2022-20771.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r " + "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20777.json b/2022/20xxx/CVE-2022-20777.json index dcb80743021..2cd216d130b 100644 --- a/2022/20xxx/CVE-2022-20777.json +++ b/2022/20xxx/CVE-2022-20777.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20779.json b/2022/20xxx/CVE-2022-20779.json index 7c574ca1c9f..f1c5b11ce5e 100644 --- a/2022/20xxx/CVE-2022-20779.json +++ b/2022/20xxx/CVE-2022-20779.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20780.json b/2022/20xxx/CVE-2022-20780.json index 8b9f903156f..305b0ad07bd 100644 --- a/2022/20xxx/CVE-2022-20780.json +++ b/2022/20xxx/CVE-2022-20780.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20785.json b/2022/20xxx/CVE-2022-20785.json index a62b9ece889..5c22306f291 100644 --- a/2022/20xxx/CVE-2022-20785.json +++ b/2022/20xxx/CVE-2022-20785.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r This advisory will be updated as additional information becomes available.\r " + "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20794.json b/2022/20xxx/CVE-2022-20794.json index 6655f87a4ac..02e1cb04865 100644 --- a/2022/20xxx/CVE-2022-20794.json +++ b/2022/20xxx/CVE-2022-20794.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20796.json b/2022/20xxx/CVE-2022-20796.json index 2c4eff67447..a2559c1c7bf 100644 --- a/2022/20xxx/CVE-2022-20796.json +++ b/2022/20xxx/CVE-2022-20796.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r \r A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device.\r \r For a description of this vulnerability, see the ClamAV blog.\r " + "value": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20799.json b/2022/20xxx/CVE-2022-20799.json index 0822e259785..9b784d83c62 100644 --- a/2022/20xxx/CVE-2022-20799.json +++ b/2022/20xxx/CVE-2022-20799.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20801.json b/2022/20xxx/CVE-2022-20801.json index bd48e106e95..559a428b81a 100644 --- a/2022/20xxx/CVE-2022-20801.json +++ b/2022/20xxx/CVE-2022-20801.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.\r These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24193.json b/2022/24xxx/CVE-2022-24193.json index 8680f4d6894..c5f2a0eae8f 100644 --- a/2022/24xxx/CVE-2022-24193.json +++ b/2022/24xxx/CVE-2022-24193.json 
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api."
+ "value": "CasaOS before v0.2.7 was discovered to contain a command injection vulnerability."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25786.json b/2022/25xxx/CVE-2022-25786.json
index b75cec021da..172846633e9 100644
--- a/2022/25xxx/CVE-2022-25786.json
+++ b/2022/25xxx/CVE-2022-25786.json
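Review bot: The rewritten `value` no longer says where the flaw lives, so the record now states only that CasaOS before v0.2.7 contains "a command injection vulnerability". Anyone triaging exposure has to recover the affected interface from the references, which sit outside this hunk. If the component wording was dropped because it was inaccurate (the reason is not visible here), a corrected component name would serve readers better than none.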
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2022-25786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "GateManager debug interface is included in production builds" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GateManager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "all", + "version_value": "9.7" + } + ] + } + } + ] + }, + "vendor_name": "Secomea" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-420 Unprotected Alternate Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.secomea.com/support/cybersecurity-advisory/", + "name": "https://www.secomea.com/support/cybersecurity-advisory/" + } + ] + }, + "source": { + "defect": [ + "RD-5457" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/27xxx/CVE-2022-27311.json b/2022/27xxx/CVE-2022-27311.json index 23b98805779..8b24f37714f 100644 --- a/2022/27xxx/CVE-2022-27311.json +++ b/2022/27xxx/CVE-2022-27311.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b", "url": "https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b" + }, + { + "refsource": "MISC", + "name": "https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10", + "url": "https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10" } ] } diff --git a/2022/29xxx/CVE-2022-29942.json b/2022/29xxx/CVE-2022-29942.json index 868f6c32728..7a7bac54b71 100644 --- a/2022/29xxx/CVE-2022-29942.json +++ b/2022/29xxx/CVE-2022-29942.json 
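Review bot: In the CVE-2022-25786 record, the only `reference_data` entry is the vendor's general advisory page, `https://www.secomea.com/support/cybersecurity-advisory/`, so nothing links to the advisory for this specific issue. The `RD-5457` id under `source.defect` looks like an internal tracker number that outside readers presumably cannot resolve. Adding a direct advisory or release-note URL for the 9.7 fix as a second reference would let consumers verify the affected range (`"version_affected": "<"`, `"version_value": "9.7"`) without searching the vendor site.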
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29942",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29942",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://Talend.com",
+ "refsource": "MISC",
+ "name": "https://Talend.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talend.com/security/incident-response/#CVE-2022-29942",
+ "url": "https://www.talend.com/security/incident-response/#CVE-2022-29942"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29943.json b/2022/29xxx/CVE-2022-29943.json
index 46f41c72882..adb2b81e861 100644
--- a/2022/29xxx/CVE-2022-29943.json
+++ b/2022/29xxx/CVE-2022-29943.json
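Review bot: In the CVE-2022-29942 record, `affects` and `problemtype` are filled with `"n/a"` even though the description names the product (Talend Administration Center), the fixed branches (8.0.x, 7.3.x, 7.2.x) and the weakness class (SSRF). Inventory or scanner tooling that matches on `vendor_name`/`product_name` or on CWE will therefore not pick this record up. Structured values such as `"vendor_name": "Talend"`, `"product_name": "Talend Administration Center"` and a `problemtype` value of `CWE-918 Server-Side Request Forgery (SSRF)` would make it machine-matchable. The same gap appears in the CVE-2022-29943 hunk (XXE, CWE-611) and in the new CVE-2022-30241 file (an output-escaping flaw, CWE-79). The first reference, `https://Talend.com`, is a bare home page and adds nothing beyond the second, advisory-specific URL.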
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29943",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29943",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://Talend.com",
+ "refsource": "MISC",
+ "name": "https://Talend.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talend.com/security/incident-response/#CVE-2022-29942",
+ "url": "https://www.talend.com/security/incident-response/#CVE-2022-29942"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30239.json b/2022/30xxx/CVE-2022-30239.json
new file mode 100644
index 00000000000..332308449da
--- /dev/null
+++ b/2022/30xxx/CVE-2022-30239.json
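Review bot: The second reference added to this CVE-2022-29943 record points at the sibling record's anchor: both `name` and `url` are `https://www.talend.com/security/incident-response/#CVE-2022-29942`. That looks like a copy-paste carry-over from CVE-2022-29942, and a reader following it would land on the SSRF entry rather than the XXE one. If the vendor page has a separate entry, both fields should end in `#CVE-2022-29943`. If the two issues are deliberately documented under one anchor, nothing in the record shows it.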
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-30239",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30240.json b/2022/30xxx/CVE-2022-30240.json
new file mode 100644
index 00000000000..a604801ba87
--- /dev/null
+++ b/2022/30xxx/CVE-2022-30240.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-30240",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30241.json b/2022/30xxx/CVE-2022-30241.json
new file mode 100644
index 00000000000..6dd797a9456
--- /dev/null
+++ b/2022/30xxx/CVE-2022-30241.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2022-30241",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/abodelot/jquery.json-viewer/pull/26",
+ "refsource": "MISC",
+ "name": "https://github.com/abodelot/jquery.json-viewer/pull/26"
+ },
+ {
+ "url": "https://www.npmjs.com/package/jquery.json-viewer",
+ "refsource": "MISC",
+ "name": "https://www.npmjs.com/package/jquery.json-viewer"
+ }
+ ]
+ }
+}
\ No newline at end of file