diff --git a/2022/43xxx/CVE-2022-43543.json b/2022/43xxx/CVE-2022-43543.json
index 94ff6a0c687..9151e65c127 100644
--- a/2022/43xxx/CVE-2022-43543.json
+++ b/2022/43xxx/CVE-2022-43543.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43543",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "KDDI CORPORATION, NTT DOCOMO, INC., and SoftBank Corp.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "KDDI +Message App for Android and for iOS, NTT DOCOMO +Message App for Android and for iOS, and SoftBank +Message App for Android and for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "User Interface (UI) Misrepresentation of Critical Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.au.com/mobile/service/plus-message/information/"
+ },
+ {
+ "url": "https://www.docomo.ne.jp/service/plus_message/"
+ },
+ {
+ "url": "https://www.softbank.jp/mobile/service/plus-message/"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN43561812/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. 
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4"
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44449.json b/2022/44xxx/CVE-2022-44449.json
index 6b648009c0d..115bd58b936 100644
--- a/2022/44xxx/CVE-2022-44449.json
+++ b/2022/44xxx/CVE-2022-44449.json
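Review bot: In CVE-2022-43543.json the `affects` block folds three vendors and six app/platform combinations into one `vendor_name`, one `product_name` and one prose `version_value`, so a scanner matching on those fields cannot tell that, for example, 3.9.2 is the KDDI Android fix and 54.49.0500 the NTT DOCOMO one. I would use one `vendor_data` entry per carrier with a `product_data` entry per platform and a short `version_value` such as `"prior to version 3.9.2"`. CVE-2022-46662.json has the same shape, with five builds listed inside a single `version_value`. Separately, the hunk header counts 64 new lines, which leaves room for the description `value` only as a single line, so the line break before `+Message App displays` on this page looks like an artifact; it is worth confirming the string contains no raw control or line-separator character.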
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-44449",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Zenphoto",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zenphoto",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 1.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zenphoto/zenphoto"
+ },
+ {
+ "url": "https://www.zenphoto.org/"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN06093462/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46282.json b/2022/46xxx/CVE-2022-46282.json
index 8a5ff96e1aa..720c067af0f 100644
--- a/2022/46xxx/CVE-2022-46282.json
+++ b/2022/46xxx/CVE-2022-46282.json
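Review bot: The new description in CVE-2022-44449.json reads `allows remote a remote authenticated attacker`, with the word duplicated; it should be `allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script`. The two Zenphoto references point at the repository root and the project home page rather than at the fix, so a reader has to rely on the JVN advisory to confirm what changed in 1.6. A link to the fixing commit or release notes would help if one is available.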
@@ -4,14 +4,55 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-46282",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OMRON Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CX-Drive",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V3.00 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU92689335/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46330.json b/2022/46xxx/CVE-2022-46330.json
index 4ab766503c6..18019844820 100644
--- a/2022/46xxx/CVE-2022-46330.json
+++ b/2022/46xxx/CVE-2022-46330.json
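Review bot: The description in CVE-2022-46282.json ends with a comma (`specially crafted file,`) and uses `by having a user to open`, which reads as a truncated sentence and leaves it unclear whether text was lost. I would end it as `by having a user open a specially crafted file.` and check it against the JVN advisory in case a trailing clause was dropped.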
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-46330",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Squirrel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Installers generated by Squirrel.Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.0.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Search Path Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
+ },
+ {
+ "url": "https://github.com/Squirrel/Squirrel.Windows"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN29902403/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer."
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46662.json b/2022/46xxx/CVE-2022-46662.json
index 346a7374b12..f706433a106 100644
--- a/2022/46xxx/CVE-2022-46662.json
+++ b/2022/46xxx/CVE-2022-46662.json
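Review bot: The `problemtype` value in CVE-2022-46330.json gives only the CWE name, `Uncontrolled Search Path Element`, without its identifier, so tools that group records by CWE have to match on free text. Writing it as `CWE-427: Uncontrolled Search Path Element` fixes that. The other four records in this commit carry bare labels in the same field and would benefit from the same change.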
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-46662",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Corel Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Roxio Creator LJB",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unquoted Search Path or Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kb.corel.com/jp/129393"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN13075438/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)"
 }
 ]
 }
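Review bot: The description in CVE-2022-46662.json closes with an unmatched `)` after `106B74A`, and `a registered Windows service path contains spaces and are unquoted` has a subject/verb mismatch. I would drop the parenthesis and write `contains spaces and is unquoted`. The record names five affected builds but gives no fixed build; if the Corel advisory states one, adding it to the description would tell administrators what to upgrade to.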