diff --git a/2022/38xxx/CVE-2022-38873.json b/2022/38xxx/CVE-2022-38873.json
index 643ca8fc5af..879b58cba44 100644
--- a/2022/38xxx/CVE-2022-38873.json
+++ b/2022/38xxx/CVE-2022-38873.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-38873",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-38873",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "url": "https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Yuhao-W/BUG--D-Link--Firmware-Update-Vulnerabilities/blob/main/README.md"
 }
 ]
 }
diff --git a/2022/39xxx/CVE-2022-39304.json b/2022/39xxx/CVE-2022-39304.json
index f97715fa4ed..ff4e4e1a8ed 100644
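Review bot: The `affects` block for CVE-2022-38873 is published with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names D-Link and nine DAP models with their firmware versions. Tooling that matches on the structured fields (asset inventories, scanner feeds) cannot tie this record to an affected device and has to parse the free text instead. I would fill the block from the description, one product entry per model, e.g. `"vendor_name": "D-Link"`, `"product_name": "DAP-2310"`, `"version_value": "2.10rc036"` with `"version_affected": "<="`. `problemtype` is `"n/a"` as well, and the same placeholder pattern recurs in the hunks for CVE-2022-46139, -46422, -46423, -46424, -46428, -46430, -46432, -46434, -46435, -46910, -46912 and -46914.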
--- a/2022/39xxx/CVE-2022-39304.json
+++ b/2022/39xxx/CVE-2022-39304.json
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-39304",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209: Generation of Error Message Containing Sensitive Information",
+ "cweId": "CWE-209"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "bradleyfalzon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ghinstallation",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 2.0.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr",
+ "refsource": "MISC",
+ "name": "https://github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr"
+ },
+ {
+ "url": "https://github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e",
+ "refsource": "MISC",
+ "name": "https://github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e"
+ },
+ {
+ "url": "https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation",
+ "refsource": "MISC",
+ "name": "https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation"
+ },
+ {
+ "url": "https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174",
+ "refsource": "MISC",
+ "name": "https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-h4q8-96p6-jcgr",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46139.json b/2022/46xxx/CVE-2022-46139.json
index 947029ede4c..1e23f8497d1 100644
--- a/2022/46xxx/CVE-2022-46139.json
+++ b/2022/46xxx/CVE-2022-46139.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46139",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46139",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJH7LSZPj",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJH7LSZPj"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46422.json b/2022/46xxx/CVE-2022-46422.json
index b9a1c772e14..2abae5805c1 100644
--- a/2022/46xxx/CVE-2022-46422.json
+++ b/2022/46xxx/CVE-2022-46422.json
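Review bot: In the `affects` entry of CVE-2022-39304 the range is written into the value while the operator says exact match: `"version_value": "< 2.0.0"` together with `"version_affected": "="`. A consumer that honours `version_affected` would look for a release literally named "< 2.0.0" and match nothing, so affected 1.x installs of ghinstallation would go unreported. `"version_value": "2.0.0"` with `"version_affected": "<"` expresses what the description states (version 1 affected, fixed in 2.0.0). This looks like a format-conversion artefact, so the fix may belong in the generator rather than in this one record.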
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46422",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46422",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.netgear.com/about/security/",
+ "refsource": "MISC",
+ "name": "https://www.netgear.com/about/security/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1bFKBWwi",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1bFKBWwi"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46423.json b/2022/46xxx/CVE-2022-46423.json
index 78d7856c198..c99ece11f13 100644
--- a/2022/46xxx/CVE-2022-46423.json
+++ b/2022/46xxx/CVE-2022-46423.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46423",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46423",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.netgear.com/about/security/",
+ "refsource": "MISC",
+ "name": "https://www.netgear.com/about/security/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BktKl8ZDo",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BktKl8ZDo"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46424.json b/2022/46xxx/CVE-2022-46424.json
index fb852d79679..9e560381ea0 100644
--- a/2022/46xxx/CVE-2022-46424.json
+++ b/2022/46xxx/CVE-2022-46424.json
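Review bot: `problemtype` is left as `"n/a"` for CVE-2022-46423 even though the description states the weakness: a firmware image altered in transit is accepted because the check it has to pass is a CRC. A CRC detects accidental corruption, not tampering, so the control a defender should look for in a fixed release is authenticated (signed) firmware, and the record would say so if it carried a CWE. CWE-354 (Improper Validation of Integrity Check Value) or CWE-494 (Download of Code Without Integrity Check) look like candidates; which one fits is for the CNA to confirm. The same gap is in the hunks for CVE-2022-46424 and CVE-2022-46432, which describe the same bypass.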
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46424",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46424",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.netgear.com/about/security/",
+ "refsource": "MISC",
+ "name": "https://www.netgear.com/about/security/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1rKQuzDj",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1rKQuzDj"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46428.json b/2022/46xxx/CVE-2022-46428.json
index 451b42c960d..110a47c768d 100644
--- a/2022/46xxx/CVE-2022-46428.json
+++ b/2022/46xxx/CVE-2022-46428.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46428",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46428",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1hP34Hvj",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/S1hP34Hvj"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46430.json b/2022/46xxx/CVE-2022-46430.json
index d941e3e818c..3e3b9ec9176 100644
--- a/2022/46xxx/CVE-2022-46430.json
+++ b/2022/46xxx/CVE-2022-46430.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46430",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46430",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BJxlw2Pwi",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BJxlw2Pwi"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46432.json b/2022/46xxx/CVE-2022-46432.json
index 6b825d704ef..8457399e4c8 100644
--- a/2022/46xxx/CVE-2022-46432.json
+++ b/2022/46xxx/CVE-2022-46432.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46432",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46432",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1Vgv1uwo",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/B1Vgv1uwo"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46434.json b/2022/46xxx/CVE-2022-46434.json
index b5c0419682c..d40bcccacf5 100644
--- a/2022/46xxx/CVE-2022-46434.json
+++ b/2022/46xxx/CVE-2022-46434.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46434",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46434",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/rJl69Icws",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/rJl69Icws"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46435.json b/2022/46xxx/CVE-2022-46435.json
index 96281babe6e..630fa27553f 100644
--- a/2022/46xxx/CVE-2022-46435.json
+++ b/2022/46xxx/CVE-2022-46435.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46435",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46435",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SyvnlO9Pi",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SyvnlO9Pi"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46771.json b/2022/46xxx/CVE-2022-46771.json
index 371f419d079..4adc2257a7b 100644
--- a/2022/46xxx/CVE-2022-46771.json
+++ b/2022/46xxx/CVE-2022-46771.json
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-46771",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UrbanCode Deploy (UCD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.2.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.0.5.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.1.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.2.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.3.0.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/6848897",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/6848897"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46910.json b/2022/46xxx/CVE-2022-46910.json
index 71ceea4788d..45bfe658b9d 100644
--- a/2022/46xxx/CVE-2022-46910.json
+++ b/2022/46xxx/CVE-2022-46910.json
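Review bot: The `version_data` entries for CVE-2022-46771 carry only the first release of each affected range, each with `"version_affected": "="` (6.2.0.0, 7.0.5.0, 7.1.0.0, 7.2.0.0, 7.3.0.0), while the description gives ranges such as "6.2.0.0 through 6.2.7.18". A scanner that matches on these fields would report an UrbanCode Deploy 6.2.7.18 install as unaffected. Each range needs its upper bound in the structured data as well, for example a paired entry `"version_value": "6.2.7.18"` with `"version_affected": "<="` next to the existing lower bound, and likewise for 7.0.5.13, 7.1.2.9 and 7.2.3.2.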
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46910",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46910",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BkwzORiDo",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BkwzORiDo"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46912.json b/2022/46xxx/CVE-2022-46912.json
index 9675d7c72bb..66f471edf89 100644
--- a/2022/46xxx/CVE-2022-46912.json
+++ b/2022/46xxx/CVE-2022-46912.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46912",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46912",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/Sk6sfbTPi",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/Sk6sfbTPi"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46914.json b/2022/46xxx/CVE-2022-46914.json
index 990b0addf58..39096ee4281 100644
--- a/2022/46xxx/CVE-2022-46914.json
+++ b/2022/46xxx/CVE-2022-46914.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46914",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46914",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/press/security-advisory/",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/press/security-advisory/"
+ },
+ {
+ "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BJ4czlpwi",
+ "refsource": "MISC",
+ "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/BJ4czlpwi"
 }
 ]
 }