diff --git a/2020/36xxx/CVE-2020-36521.json b/2020/36xxx/CVE-2020-36521.json index 82d19aad871..83cedf3ecdb 100644 --- a/2020/36xxx/CVE-2020-36521.json +++ b/2020/36xxx/CVE-2020-36521.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.10" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.4" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.21" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211843", + "name": "https://support.apple.com/en-us/HT211843" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211850", + "name": "https://support.apple.com/en-us/HT211850" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211844", + "name": "https://support.apple.com/en-us/HT211844" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211952", + "name": "https://support.apple.com/en-us/HT211952" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211847", + "name": "https://support.apple.com/en-us/HT211847" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT211846", + "name": "https://support.apple.com/en-us/HT211846" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents." } ] } diff --git a/2022/22xxx/CVE-2022-22610.json b/2022/22xxx/CVE-2022-22610.json index d4255562d02..b41446ff511 100644 --- a/2022/22xxx/CVE-2022-22610.json +++ b/2022/22xxx/CVE-2022-22610.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213182", + "name": "https://support.apple.com/en-us/HT213182" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213193", + "name": "https://support.apple.com/en-us/HT213193" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213183", + "name": "https://support.apple.com/en-us/HT213183" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213186", + "name": "https://support.apple.com/en-us/HT213186" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213187", + "name": "https://support.apple.com/en-us/HT213187" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution." } ] } diff --git a/2022/22xxx/CVE-2022-22624.json b/2022/22xxx/CVE-2022-22624.json index 9b06c053258..d40f6205af9 100644 --- a/2022/22xxx/CVE-2022-22624.json +++ b/2022/22xxx/CVE-2022-22624.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213182", + "name": "https://support.apple.com/en-us/HT213182" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213183", + "name": "https://support.apple.com/en-us/HT213183" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213186", + "name": "https://support.apple.com/en-us/HT213186" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213187", + "name": "https://support.apple.com/en-us/HT213187" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/22xxx/CVE-2022-22628.json b/2022/22xxx/CVE-2022-22628.json index 333d0d2a7d9..650a3089134 100644 --- a/2022/22xxx/CVE-2022-22628.json +++ b/2022/22xxx/CVE-2022-22628.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213182", + "name": "https://support.apple.com/en-us/HT213182" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213193", + "name": "https://support.apple.com/en-us/HT213193" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213183", + "name": "https://support.apple.com/en-us/HT213183" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213186", + "name": "https://support.apple.com/en-us/HT213186" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213187", + "name": "https://support.apple.com/en-us/HT213187" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/22xxx/CVE-2022-22637.json b/2022/22xxx/CVE-2022-22637.json index 526751f5659..96b11d5a2dd 100644 --- a/2022/22xxx/CVE-2022-22637.json +++ b/2022/22xxx/CVE-2022-22637.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious website may cause unexpected cross-origin behavior" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213182", + "name": "https://support.apple.com/en-us/HT213182" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213193", + "name": "https://support.apple.com/en-us/HT213193" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213183", + "name": "https://support.apple.com/en-us/HT213183" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213186", + "name": "https://support.apple.com/en-us/HT213186" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213187", + "name": "https://support.apple.com/en-us/HT213187" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior." } ] } diff --git a/2022/26xxx/CVE-2022-26700.json b/2022/26xxx/CVE-2022-26700.json index 30d36434ef7..55375f843e3 100644 --- a/2022/26xxx/CVE-2022-26700.json +++ b/2022/26xxx/CVE-2022-26700.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213258", + "name": "https://support.apple.com/en-us/HT213258" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213253", + "name": "https://support.apple.com/en-us/HT213253" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213254", + "name": "https://support.apple.com/en-us/HT213254" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213257", + "name": "https://support.apple.com/en-us/HT213257" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213260", + "name": "https://support.apple.com/en-us/HT213260" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution." } ] } diff --git a/2022/26xxx/CVE-2022-26707.json b/2022/26xxx/CVE-2022-26707.json index 59becf0305d..a9d082ce290 100644 --- a/2022/26xxx/CVE-2022-26707.json +++ b/2022/26xxx/CVE-2022-26707.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may be able to view sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213257", + "name": "https://support.apple.com/en-us/HT213257" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information." } ] } diff --git a/2022/28xxx/CVE-2022-28886.json b/2022/28xxx/CVE-2022-28886.json index 9c7fc3132d4..15640231e42 100644 --- a/2022/28xxx/CVE-2022-28886.json +++ b/2022/28xxx/CVE-2022-28886.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2022-28886", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Denial-of-Service (DoS) Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Version " + } + ] + } + } + ] + }, + "vendor_name": "F-Secure and WithSecure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + }, + { + "refsource": "MISC", + "url": "https://www.withsecure.com/en/support/security-advisories", + "name": "https://www.withsecure.com/en/support/security-advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/30xxx/CVE-2022-30124.json b/2022/30xxx/CVE-2022-30124.json index db3e1c0e485..a01cc15c9b7 100644 --- a/2022/30xxx/CVE-2022-30124.json +++ b/2022/30xxx/CVE-2022-30124.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-30124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat Mobile app", + "version": { + "version_data": [ + { + "version_value": "4.14.1.22788 iOS/Android" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication - Generic (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1126414", + "url": "https://hackerone.com/reports/1126414" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code)." } ] } diff --git a/2022/32xxx/CVE-2022-32211.json b/2022/32xxx/CVE-2022-32211.json index 8a70dded466..780acc7284b 100644 --- a/2022/32xxx/CVE-2022-32211.json +++ b/2022/32xxx/CVE-2022-32211.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat", + "version": { + "version_data": [ + { + "version_value": "Fixed in 3.18.6, 4.4.4 and 4.7.3>" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection (CWE-89)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1581059", + "url": "https://hackerone.com/reports/1581059" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Storage of Sensitive Information (CWE-312)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1394399", + "url": "https://hackerone.com/reports/1394399" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext storage of sensitive information exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1406953", + "url": "https://hackerone.com/reports/1406953" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1140631", + "url": "https://hackerone.com/reports/1140631" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1410246", + "url": "https://hackerone.com/reports/1410246" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1446767", + "url": "https://hackerone.com/reports/1446767" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A information disclosure vulnerability exists in Rockert.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1458020", + "url": "https://hackerone.com/reports/1458020" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1447440", + "url": "https://hackerone.com/reports/1447440" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A information disclosure vulnerability exists in Rocket.chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication - Generic (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1448268", + "url": "https://hackerone.com/reports/1448268" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper authentication vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1410246", + "url": "https://hackerone.com/reports/1410246" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A information disclosure vulnerability exists in Rocket.Chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/917946", + "url": "https://hackerone.com/reports/917946" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in Rocket.chat " + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1401268", + "url": "https://hackerone.com/reports/1401268" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting vulnerability exists in Rocket.chat =", + "version_name": "EN6200-PRIME QUAD-35", + "version_value": "19.1.1" + }, + { + "version_affected": "<=", + "version_name": "EN6200-PRIME QUAD-35", + "version_value": "22.20.1" + }, + { + "version_affected": ">=", + "version_name": "EN6200-PRIME QUAD-100", + "version_value": "19.1.1" + }, + { + "version_affected": "<=", + "version_name": "EN6200-PRIME QUAD-100", + "version_value": "22.20.1" + } + ] + } + } + ] + }, + "vendor_name": "Tacitine" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability is reported by Sreedev Kumar from Crowe India" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform session fixation on the targeted device." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384 Session Fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363", + "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363" + }, + { + "refsource": "MISC", + "url": "https://tacitine.com/newdownload/CVE-2022-40630.pdf", + "name": "https://tacitine.com/newdownload/CVE-2022-40630.pdf" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Tacitine Firewall to latest software version 22.21.2" + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file