From 7d85ec88386900cb46e070547370d553c889970c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jun 2022 13:01:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2146.json | 18 ++++++++++ 2022/31xxx/CVE-2022-31302.json | 56 +++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31303.json | 56 +++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31306.json | 61 ++++++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31307.json | 61 ++++++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31373.json | 56 +++++++++++++++++++++++++++---- 2022/31xxx/CVE-2022-31374.json | 56 +++++++++++++++++++++++++++---- 2022/32xxx/CVE-2022-32414.json | 61 ++++++++++++++++++++++++++++++---- 2022/33xxx/CVE-2022-33119.json | 56 +++++++++++++++++++++++++++---- 2022/33xxx/CVE-2022-33139.json | 7 ++-- 10 files changed, 437 insertions(+), 51 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2146.json diff --git a/2022/2xxx/CVE-2022-2146.json b/2022/2xxx/CVE-2022-2146.json new file mode 100644 index 00000000000..3480037515b --- /dev/null +++ b/2022/2xxx/CVE-2022-2146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31302.json b/2022/31xxx/CVE-2022-31302.json index e6516e1c01c..d58ef922ffa 100644 --- a/2022/31xxx/CVE-2022-31302.json +++ b/2022/31xxx/CVE-2022-31302.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31302", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31302", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/maccmspro/maccms8/issues/1", + "refsource": "MISC", + "name": "https://github.com/maccmspro/maccms8/issues/1" } ] } diff --git a/2022/31xxx/CVE-2022-31303.json b/2022/31xxx/CVE-2022-31303.json index cf7752dc406..ca4e989fba7 100644 --- a/2022/31xxx/CVE-2022-31303.json +++ b/2022/31xxx/CVE-2022-31303.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31303", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31303", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/maccmspro/maccms10/issues/20", + "refsource": "MISC", + "name": "https://github.com/maccmspro/maccms10/issues/20" } ] } diff --git a/2022/31xxx/CVE-2022-31306.json b/2022/31xxx/CVE-2022-31306.json index f9bb53cb252..939b8b93a0a 100644 --- a/2022/31xxx/CVE-2022-31306.json +++ b/2022/31xxx/CVE-2022-31306.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31306", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31306", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/481", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/481" + }, + { + "url": "https://github.com/nginx/njs/commit/81af26364c21c196dd21fb5e14c7fa9ce7debd17", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/commit/81af26364c21c196dd21fb5e14c7fa9ce7debd17" } ] } diff --git a/2022/31xxx/CVE-2022-31307.json b/2022/31xxx/CVE-2022-31307.json index 9c194af7fd8..88358ceefe4 100644 --- a/2022/31xxx/CVE-2022-31307.json +++ b/2022/31xxx/CVE-2022-31307.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31307", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31307", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/482", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/482" + }, + { + "url": "https://github.com/nginx/njs/commit/eafe4c7a326b163612f10861392622b5da5b1792", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/commit/eafe4c7a326b163612f10861392622b5da5b1792" } ] } diff --git a/2022/31xxx/CVE-2022-31373.json b/2022/31xxx/CVE-2022-31373.json index db97a9e1cce..63f3df1d152 100644 --- a/2022/31xxx/CVE-2022-31373.json +++ b/2022/31xxx/CVE-2022-31373.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31373", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31373", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/badboycxcc/SolarView_Compact_6.0_xss", + "refsource": "MISC", + "name": "https://github.com/badboycxcc/SolarView_Compact_6.0_xss" } ] } diff --git a/2022/31xxx/CVE-2022-31374.json b/2022/31xxx/CVE-2022-31374.json index d8222a25ee2..dc22a6d7fe7 100644 --- a/2022/31xxx/CVE-2022-31374.json +++ b/2022/31xxx/CVE-2022-31374.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31374", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31374", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/badboycxcc/SolarView_Compact_6.0_upload", + "refsource": "MISC", + "name": "https://github.com/badboycxcc/SolarView_Compact_6.0_upload" } ] } diff --git a/2022/32xxx/CVE-2022-32414.json b/2022/32xxx/CVE-2022-32414.json index 02fa5cae75d..3d4b8c4e5b8 100644 --- a/2022/32xxx/CVE-2022-32414.json +++ b/2022/32xxx/CVE-2022-32414.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32414", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32414", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nginx/njs/issues/483", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/issues/483" + }, + { + "url": "https://github.com/nginx/njs/commit/31ed93a5623f24ca94e6d47e895ba735d9d97d46", + "refsource": "MISC", + "name": "https://github.com/nginx/njs/commit/31ed93a5623f24ca94e6d47e895ba735d9d97d46" } ] } diff --git a/2022/33xxx/CVE-2022-33119.json b/2022/33xxx/CVE-2022-33119.json index c60217d1fac..84d8449f0e9 100644 --- a/2022/33xxx/CVE-2022-33119.json +++ b/2022/33xxx/CVE-2022-33119.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33119", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33119", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/badboycxcc/nuuo-xss/blob/main/README.md", + "refsource": "MISC", + "name": "https://github.com/badboycxcc/nuuo-xss/blob/main/README.md" } ] } diff --git a/2022/33xxx/CVE-2022-33139.json b/2022/33xxx/CVE-2022-33139.json index 480721a830a..a883959ef3b 100644 --- a/2022/33xxx/CVE-2022-33139.json +++ b/2022/33xxx/CVE-2022-33139.json @@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled.\n\nIn this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated." + "value": "A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf" } ] }