diff --git a/2021/35xxx/CVE-2021-35036.json b/2021/35xxx/CVE-2021-35036.json index 5b15fa7118d..1b68165bb3c 100644 --- a/2021/35xxx/CVE-2021-35036.json +++ b/2021/35xxx/CVE-2021-35036.json @@ -3,66 +3,15 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2021-35036", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Zyxel", - "product": { - "product_data": [ - { - "product_name": "NWA1100-NH firmware", - "version": { - "version_data": [ - { - "version_value": "2.12(AASI.0)C0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml", - "url": "https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml" - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." } ] } diff --git a/2021/46xxx/CVE-2021-46388.json b/2021/46xxx/CVE-2021-46388.json index 2299795b660..c2123c9c889 100644 --- a/2021/46xxx/CVE-2021-46388.json +++ b/2021/46xxx/CVE-2021-46388.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "info@cert.vde.com", "ID": "CVE-2021-46388", "STATE": "PUBLIC" }, @@ -11,18 +11,18 @@ "product": { "product_data": [ { - "product_name": "n/a", + "product_name": "WAGO 750-8212 PFC200 G2 2ETH RS", "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "Frimware version: 03.05.10(17)" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name": "Wago" } ] } @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege escalation vulnerability. Improper handling of user cookies leads to escalating privileges to administrative account of the router." + "value": "** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege escalation vulnerability. Improper handling of user cookies leads to escalating privileges to administrative account of the router. NOTE: analysis by a security team (on behalf of the vendor) indicates that an attacker could only view data that is already publicly available, could not modify data, and could not obtain other access or interfere with the operation of the device." } ] }, @@ -44,7 +44,7 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Privilege Escalation" } ] } diff --git a/2022/0xxx/CVE-2022-0819.json b/2022/0xxx/CVE-2022-0819.json index 9b9d59c8006..c6d59ae533c 100644 --- a/2022/0xxx/CVE-2022-0819.json +++ b/2022/0xxx/CVE-2022-0819.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0819", - "STATE": "PUBLIC", - "TITLE": " Code Injection in dolibarr/dolibarr" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "dolibarr/dolibarr", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "15.0.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0819", + "STATE": "PUBLIC", + "TITLE": " Code Injection in dolibarr/dolibarr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dolibarr/dolibarr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.0.1" + } + ] + } + } + ] + }, + "vendor_name": "dolibarr" } - } ] - }, - "vendor_name": "dolibarr" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": " Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-94 Improper Control of Generation of Code" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5" - }, - { - "name": "https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075", - "refsource": "MISC", - "url": "https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075" - } - ] - }, - "source": { - "advisory": "b03d4415-d4f9-48c8-9ae2-d3aa248027b5", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5" + }, + { + "name": "https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075", + "refsource": "MISC", + "url": "https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075" + } + ] + }, + "source": { + "advisory": "b03d4415-d4f9-48c8-9ae2-d3aa248027b5", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0834.json b/2022/0xxx/CVE-2022-0834.json new file mode 100644 index 00000000000..9d2fb03125a --- /dev/null +++ b/2022/0xxx/CVE-2022-0834.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0834", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26353.json b/2022/26xxx/CVE-2022-26353.json new file mode 100644 index 00000000000..77fb0925c4c --- /dev/null +++ b/2022/26xxx/CVE-2022-26353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26354.json b/2022/26xxx/CVE-2022-26354.json new file mode 100644 index 00000000000..0bb96af52ed --- /dev/null +++ b/2022/26xxx/CVE-2022-26354.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-26354", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file