diff --git a/2022/0xxx/CVE-2022-0698.json b/2022/0xxx/CVE-2022-0698.json
index e60f43387b2..b50cf043b34 100644
--- a/2022/0xxx/CVE-2022-0698.json
+++ b/2022/0xxx/CVE-2022-0698.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0698",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microweber",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DOM-Based cross-site scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/garrix/",
+ "url": "https://fluidattacks.com/advisories/garrix/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/microweber/microweber/",
+ "url": "https://github.com/microweber/microweber/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter."
 }
 ]
 }
diff --git a/2022/32xxx/CVE-2022-32924.json b/2022/32xxx/CVE-2022-32924.json
index e11bdb15a85..6c33e06b7c2 100644
--- a/2022/32xxx/CVE-2022-32924.json
+++ b/2022/32xxx/CVE-2022-32924.json
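Review bot: The `version_data` entry added for Microweber carries only `"version_value": "1.3.1"` with no `version_affected` operator, and `vendor_name` is `"n/a"` although the product is named, so a consumer matching on vendor, product and version cannot tell whether releases other than 1.3.1 are affected. The second reference points at the repository root rather than a fixing commit or release, so the record names no patched version to upgrade to. If the advisory states an affected range or a fix, record it here, for example by adding `"version_affected": "="` next to the value when only that release is meant. The same shape recurs in the CVE-2022-41705, CVE-2022-41706, CVE-2022-41712, CVE-2022-45475 and CVE-2022-45476 hunks.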
@@ -129,6 +129,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213491",
 "name": "https://support.apple.com/en-us/HT213491"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/170010/XNU-Dangling-PTE-Entry.html",
+ "url": "http://packetstormsecurity.com/files/170010/XNU-Dangling-PTE-Entry.html"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3199.json b/2022/3xxx/CVE-2022-3199.json
index c7ef3dc8975..0968ccfbad0 100644
--- a/2022/3xxx/CVE-2022-3199.json
+++ b/2022/3xxx/CVE-2022-3199.json
@@ -72,7 +72,12 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html",
+ "url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3654.json b/2022/3xxx/CVE-2022-3654.json
index 4ac7998a10f..fb4b293433e 100644
--- a/2022/3xxx/CVE-2022-3654.json
+++ b/2022/3xxx/CVE-2022-3654.json
@@ -62,7 +62,12 @@
 "url": "https://crbug.com/1365330",
 "refsource": "MISC",
 "name": "https://crbug.com/1365330"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html",
+ "url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41705.json b/2022/41xxx/CVE-2022-41705.json
index b932633a332..521823fde83 100644
--- a/2022/41xxx/CVE-2022-41705.json
+++ b/2022/41xxx/CVE-2022-41705.json
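Review bot: The Packet Storm reference added in the CVE-2022-32924 hunk uses a plain `http://` scheme in both `name` and `url`, so anyone following the link from the record fetches the write-up over an unauthenticated channel. If the site serves the same path over TLS, use the `https://` form of the URL in both fields. The references added in the CVE-2022-3199, CVE-2022-3654 and CVE-2022-42801 hunks have the same scheme.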
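Review bot: The last lines of the CVE-2022-3199 hunk replace the closing `}` with `}` followed by `\ No newline at end of file`, so the commit drops the file's trailing newline as a side effect of adding a reference. That is unrelated churn which will show up again in the next diff of this record; keep the final newline when regenerating the file. The CVE-2022-3654 hunk does the same.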
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41705",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Badaso",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.6.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote command execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/headhunterz/",
+ "url": "https://fluidattacks.com/advisories/headhunterz/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/uasoft-indonesia/badaso/",
+ "url": "https://github.com/uasoft-indonesia/badaso/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users."
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41706.json b/2022/41xxx/CVE-2022-41706.json
index 93259659118..a5df8e8b298 100644
--- a/2022/41xxx/CVE-2022-41706.json
+++ b/2022/41xxx/CVE-2022-41706.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41706",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Browsershot",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.57.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server Side XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/spatie/browsershot/",
+ "url": "https://github.com/spatie/browsershot/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/eminem/",
+ "url": "https://fluidattacks.com/advisories/eminem/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method."
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41712.json b/2022/41xxx/CVE-2022-41712.json
index 31f99bffee7..7e77645b216 100644
--- a/2022/41xxx/CVE-2022-41712.json
+++ b/2022/41xxx/CVE-2022-41712.json
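Review bot: The `problemtype` value `"Server Side XSS"` does not match the description added in the same hunk, which describes reading arbitrary local files because the URL protocol passed to `Browsershot::url` is not validated. A consumer that classifies or filters on `problemtype` will file this record under XSS and may miss the file-disclosure impact when prioritising it. Align the two fields, for instance by wording the problem type so that it names the local file read; confirm the intended classification against the referenced advisory.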
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41712",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Frappe",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Lack of data validation - Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/kiniza/",
+ "url": "https://fluidattacks.com/advisories/kiniza/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/frappe/frappe/",
+ "url": "https://github.com/frappe/frappe/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter."
 }
 ]
 }
diff --git a/2022/42xxx/CVE-2022-42801.json b/2022/42xxx/CVE-2022-42801.json
index 924b2baa09e..6ce890046db 100644
--- a/2022/42xxx/CVE-2022-42801.json
+++ b/2022/42xxx/CVE-2022-42801.json
@@ -129,6 +129,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213490",
 "name": "https://support.apple.com/en-us/HT213490"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/170011/XNU-vm_object-Use-After-Free.html",
+ "url": "http://packetstormsecurity.com/files/170011/XNU-vm_object-Use-After-Free.html"
 }
 ]
 },
diff --git a/2022/44xxx/CVE-2022-44858.json b/2022/44xxx/CVE-2022-44858.json
index 4a1ff326840..8c2cec7e7d2 100644
--- a/2022/44xxx/CVE-2022-44858.json
+++ b/2022/44xxx/CVE-2022-44858.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44858",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44858",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-1.md",
+ "url": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-1.md"
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44859.json b/2022/44xxx/CVE-2022-44859.json
index 94e31a2b127..a42ac6b5336 100644
--- a/2022/44xxx/CVE-2022-44859.json
+++ b/2022/44xxx/CVE-2022-44859.json
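Review bot: The `affects` and `problemtype` fields are filled with `"n/a"` even though the description added in the same hunk names the product and version (Automotive Shop Management System v1.0) and the weakness (SQL injection). Tooling that matches on `product_name`/`version_value` or on the problem type will not pick this record up; consider `"product_name": "Automotive Shop Management System"`, `"version_value": "1.0"` and a problem type of `CWE-89`. The hunk also moves `data_type`, `data_format` and `data_version` below `affects`, which is key-order churn only and makes the real change harder to see. The CVE-2022-44859 and CVE-2022-44860 hunks have the same gaps.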
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44859",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44859",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-2.md",
+ "url": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-2.md"
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44860.json b/2022/44xxx/CVE-2022-44860.json
index 4e388e31c5f..c6a8971f380 100644
--- a/2022/44xxx/CVE-2022-44860.json
+++ b/2022/44xxx/CVE-2022-44860.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44860",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44860",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-3.md",
+ "url": "https://github.com/thir3een/bug_report/blob/main/vendors/oretnom23/automotive-shop-management-system/SQLi-3.md"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45475.json b/2022/45xxx/CVE-2022-45475.json
index d40d58b3ab2..dd0b97d03dc 100644
--- a/2022/45xxx/CVE-2022-45475.json
+++ b/2022/45xxx/CVE-2022-45475.json
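Review bot: The description gives the vulnerable path as `/admin/transactions/update_status.php`, while the two sibling records for the same product (CVE-2022-44858 and CVE-2022-44859) use paths under `/asms/`. If this endpoint lives under the same application root, the path is probably missing that prefix, which matters to anyone writing a WAF or log-search rule from this text. Confirm the path against the referenced SQLi-3.md report and make the three records consistent.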
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-45475",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tiny File Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.4.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote command execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager/",
+ "url": "https://github.com/prasathmani/tinyfilemanager/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/mosey/",
+ "url": "https://fluidattacks.com/advisories/mosey/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files."
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45476.json b/2022/45xxx/CVE-2022-45476.json
index 656f409ce4f..9a65f65e33f 100644
--- a/2022/45xxx/CVE-2022-45476.json
+++ b/2022/45xxx/CVE-2022-45476.json
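Review bot: Apart from the `ID`, this record is identical to the one added for CVE-2022-45476 in the next hunk: same product and version, same `problemtype`, same two references and the same description text. Two IDs normally denote two distinct flaws, so a reader cannot tell which of the issues the description lists (CSRF, server-side processing of uploaded files, unauthenticated access to uploaded files) each ID covers, and remediation cannot be tracked per ID. Give each record a description that states its own flaw, or confirm with the assigner whether one of the two is a duplicate.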
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-45476",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tiny File Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.4.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote command execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager/",
+ "url": "https://github.com/prasathmani/tinyfilemanager/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/mosey/",
+ "url": "https://fluidattacks.com/advisories/mosey/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files."
 }
 ]
 }