diff --git a/2022/34xxx/CVE-2022-34906.json b/2022/34xxx/CVE-2022-34906.json index d6398653de7..20d3c9bf5e2 100644 --- a/2022/34xxx/CVE-2022-34906.json +++ b/2022/34xxx/CVE-2022-34906.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34906", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34906", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.filewave.com/pages/viewpage.action?pageId=55544244", + "refsource": "MISC", + "name": "https://kb.filewave.com/pages/viewpage.action?pageId=55544244" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/", + "url": "https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/" } ] } diff --git a/2022/34xxx/CVE-2022-34907.json b/2022/34xxx/CVE-2022-34907.json index 1da8a950600..99c7282770c 100644 --- a/2022/34xxx/CVE-2022-34907.json +++ b/2022/34xxx/CVE-2022-34907.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34907", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34907", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.filewave.com/pages/viewpage.action?pageId=55544244", + "refsource": "MISC", + "name": "https://kb.filewave.com/pages/viewpage.action?pageId=55544244" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/", + "url": "https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/" } ] } diff --git a/2022/35xxx/CVE-2022-35131.json b/2022/35xxx/CVE-2022-35131.json index 1ad01b1d2bd..2e02c2b88e7 100644 --- a/2022/35xxx/CVE-2022-35131.json +++ b/2022/35xxx/CVE-2022-35131.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35131", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35131", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://joplin.com", + "refsource": "MISC", + "name": "http://joplin.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/ly1g3/Joplin-CVE-2022-35131", + "url": "https://github.com/ly1g3/Joplin-CVE-2022-35131" + }, + { + "refsource": "MISC", + "name": "https://github.com/laurent22/joplin/releases/tag/v2.9.1", + "url": "https://github.com/laurent22/joplin/releases/tag/v2.9.1" } ] }