From 73fe612f840ba60ef3b95512853199ab0fedc0ba Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 23 Mar 2022 23:01:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24772.json | 2 +- 2022/25xxx/CVE-2022-25266.json | 61 ++++++++++++++++++++++++++++++---- 2022/25xxx/CVE-2022-25267.json | 61 ++++++++++++++++++++++++++++++---- 2022/25xxx/CVE-2022-25268.json | 61 ++++++++++++++++++++++++++++++---- 2022/25xxx/CVE-2022-25269.json | 61 ++++++++++++++++++++++++++++++---- 5 files changed, 221 insertions(+), 25 deletions(-) diff --git a/2020/24xxx/CVE-2020-24772.json b/2020/24xxx/CVE-2020-24772.json index e2c602cb18c..7196ffa4827 100644 --- a/2020/24xxx/CVE-2020-24772.json +++ b/2020/24xxx/CVE-2020-24772.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking)." + "value": "In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking)." } ] }, diff --git a/2022/25xxx/CVE-2022-25266.json b/2022/25xxx/CVE-2022-25266.json index e9d74b489d4..7a50fc2cf09 100644 --- a/2022/25xxx/CVE-2022-25266.json +++ b/2022/25xxx/CVE-2022-25266.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25266", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25266", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://passwork.me", + "refsource": "MISC", + "name": "https://passwork.me" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2", + "url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2" } ] } diff --git a/2022/25xxx/CVE-2022-25267.json b/2022/25xxx/CVE-2022-25267.json index fd91ba6149d..6f02f70f8fa 100644 --- a/2022/25xxx/CVE-2022-25267.json +++ b/2022/25xxx/CVE-2022-25267.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25267", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25267", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://passwork.me", + "refsource": "MISC", + "name": "https://passwork.me" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2", + "url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2" } ] } diff --git a/2022/25xxx/CVE-2022-25268.json b/2022/25xxx/CVE-2022-25268.json index 8f730cde90e..bcf5680121d 100644 --- a/2022/25xxx/CVE-2022-25268.json +++ b/2022/25xxx/CVE-2022-25268.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25268", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25268", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://passwork.me", + "refsource": "MISC", + "name": "https://passwork.me" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2", + "url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2" } ] } diff --git a/2022/25xxx/CVE-2022-25269.json b/2022/25xxx/CVE-2022-25269.json index 4e79a1762b4..43855c37b73 100644 --- a/2022/25xxx/CVE-2022-25269.json +++ b/2022/25xxx/CVE-2022-25269.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25269", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25269", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Passwork On-Premise Edition before 4.6.13 has multiple XSS issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://passwork.me", + "refsource": "MISC", + "name": "https://passwork.me" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2", + "url": "https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2" } ] }