diff --git a/2021/24xxx/CVE-2021-24762.json b/2021/24xxx/CVE-2021-24762.json
index 0011eb19494..5d311209196 100644
--- a/2021/24xxx/CVE-2021-24762.json
+++ b/2021/24xxx/CVE-2021-24762.json
@@ -13,21 +13,23 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Unknown",
 "product": {
 "product_data": [
 {
- "product_name": "n/a",
+ "product_name": "Perfect Survey",
 "version": {
 "version_data": [
 {
- "version_value": "n/a"
+ "version_affected": "<",
+ "version_name": "1.5.2",
+ "version_value": "1.5.2"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "n/a"
+ }
 }
 ]
 }
@@ -46,6 +48,11 @@
 "refsource": "MISC",
 "url": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad",
 "name": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html"
 }
 ]
 },
@@ -54,8 +61,8 @@
 {
 "description": [
 {
- "lang": "eng",
- "value": "n/a"
+ "value": "CWE-89 SQL Injection",
+ "lang": "eng"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25076.json b/2021/25xxx/CVE-2021-25076.json
index 1c4073af344..df6193dc388 100644
--- a/2021/25xxx/CVE-2021-25076.json
+++ b/2021/25xxx/CVE-2021-25076.json
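Review bot: The Packet Storm entry added to `reference_data` in CVE-2021-24762.json uses a cleartext `http://` scheme in both `name` and `url`, while the neighbouring WPScan reference is `https://`. Tools that fetch reference links automatically, or analysts who click through, would retrieve exploit-archive content over a channel that can be altered in transit; I would store `"url": "https://packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.html"` and the matching `name`. The same `http://packetstormsecurity.com` form recurs in the reference additions for CVE-2021-25076, CVE-2021-45092, CVE-2021-46354, CVE-2022-0290 and CVE-2022-0557 in this commit.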
@@ -1,80 +1,85 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-25076", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.5.26", - "version_value": "3.5.26" + "CVE_data_meta": { + "ID": "CVE-2021-25076", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP User Frontend \u2013 Membership, Profile, Registration & Post Submission Plugin for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.5.26", + "version_value": "3.5.26" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. 
Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6", - "name": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6" - }, - { - "refsource": "CONFIRM", - "url": "https://plugins.trac.wordpress.org/changeset/2648715", - "name": "https://plugins.trac.wordpress.org/changeset/2648715" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting" + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Krzysztof Zając" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6", + "name": "https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2648715", + "name": "https://plugins.trac.wordpress.org/changeset/2648715" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Krzysztof Zaj\u0105c" + } + ], + 
"source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26256.json b/2021/26xxx/CVE-2021-26256.json index 6ccc4030f28..2959d4565b9 100644 --- a/2021/26xxx/CVE-2021-26256.json +++ b/2021/26xxx/CVE-2021-26256.json 
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2021-12-03T10:28:00.000Z",
 "ID": "CVE-2021-26256",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Survey Maker (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.6",
+ "version_value": "2.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Survey Maker team"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Red Team project)."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6)."
}
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/survey-maker/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/survey-maker/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-2-0-6-unauthenticated-stored-cross-site-scripting-xss-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-2-0-6-unauthenticated-stored-cross-site-scripting-xss-vulnerability"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.0.7 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27753.json b/2021/27xxx/CVE-2021-27753.json
index 73adeea0b75..dc3b22e3eb1 100644
--- a/2021/27xxx/CVE-2021-27753.json
+++ b/2021/27xxx/CVE-2021-27753.json
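Review bot: In the `version_data` entry added to CVE-2021-26256.json, `version_name` is `"<= 2.0.6"`, repeating the comparison operator that `version_affected` already carries. The WPScan-generated record for CVE-2021-24762 in this same commit uses a bare version in that field (`"version_name": "1.5.2"`), so a consumer that parses or concatenates these fields may fail to read the name as a version; I would write `"version_name": "2.0.6"`. The hunks for CVE-2022-23983 (`"<= 3.4.4"`) and CVE-2022-23984 (`"<= 7.3.11"`) have the same value shape.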
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27753",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL Sametime\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"HCL Sametime 11.6.4 and below\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Improper Limitation of a Pathname to a Restricted Directory\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"Sametime Android PathTraversal Vulnerability\""
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27755.json b/2021/27xxx/CVE-2021-27755.json
index 3632ca5346c..e5c40116a94 100644
--- a/2021/27xxx/CVE-2021-27755.json
+++ b/2021/27xxx/CVE-2021-27755.json
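Review bot: The string values added to CVE-2021-27753.json carry literal escaped quotes inside the JSON strings, e.g. `"product_name": "\"HCL Sametime\""`, and likewise `version_value`, the `problemtype` value and the description, so a consumer matching on product name sees the quote characters as part of the name. `vendor_name` is also `"n/a"` although the assigner is psirt@hcl.com, and the problem type has no CWE identifier even though its wording matches the title of CWE-22. I would store the values unquoted, e.g. `"product_name": "HCL Sametime"` and `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`. The CVE-2021-27755 hunk that follows has the same embedded quotes.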
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27755",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL Sametime\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"HCL Sametime 11.6.4 and below\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Relative Path Traversal\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096575"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"Sametime Android potential path traversal vulnerability when using File class\""
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27796.json b/2021/27xxx/CVE-2021-27796.json
index cd34c17724e..daeb5c349fa 100644
--- a/2021/27xxx/CVE-2021-27796.json
+++ b/2021/27xxx/CVE-2021-27796.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27796",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privileged File Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the \u201cuser\u201d or \u201cfactory\u201d account, to read the contents of any file on the filesystem utilizing one of a few available binaries."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27797.json b/2021/27xxx/CVE-2021-27797.json
index b3e0a1dfb2e..528f0b6a1f9 100644
--- a/2021/27xxx/CVE-2021-27797.json
+++ b/2021/27xxx/CVE-2021-27797.json
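Review bot: `version_value` in CVE-2021-27796.json holds a prose sentence (`"Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d"`) and `vendor_name` is `"n/a"`, so nothing in `affects` can be matched mechanically against an asset inventory. I would set the vendor to the name the product string already gives and split the range into one `version_data` entry per fixed branch, each with `"version_affected": "<"` and a bare version such as `"version_value": "8.0.1b"`. The `affects` blocks added for CVE-2021-27797 and CVE-2021-44141 are written the same way.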
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27797",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "hard coded credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44141.json b/2021/44xxx/CVE-2021-44141.json
index fdcfb53df96..23951b168c0 100644
--- a/2021/44xxx/CVE-2021-44141.json
+++ b/2021/44xxx/CVE-2021-44141.json
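Review bot: The `problemtype` value added for CVE-2021-27797 is the free-text `"hard coded credentials"` with no CWE identifier, which leaves the record out of any CWE-based filtering or reporting. The description on the same record states documented hard-coded credentials, which corresponds to CWE-798; I would write `"value": "CWE-798 Use of Hard-coded Credentials"`.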
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-44141",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions of Samba prior to 4.15.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.samba.org/samba/security/CVE-2021-44141.html",
+ "url": "https://www.samba.org/samba/security/CVE-2021-44141.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44142.json b/2021/44xxx/CVE-2021-44142.json
index e8e7b9517f9..3eaa69b7a6b 100644
--- a/2021/44xxx/CVE-2021-44142.json
+++ b/2021/44xxx/CVE-2021-44142.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cert@cert.org",
+ "ASSIGNER": "secalert@redhat.com",
 "DATE_PUBLIC": "2022-01-31T15:41:00.000Z",
 "ID": "CVE-2021-44142",
 "STATE": "PUBLIC"
diff --git a/2021/44xxx/CVE-2021-44568.json b/2021/44xxx/CVE-2021-44568.json
index 8d326a9b578..7728589744d 100644
--- a/2021/44xxx/CVE-2021-44568.json
+++ b/2021/44xxx/CVE-2021-44568.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44568",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44568",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openSUSE/libsolv/issues/425",
+ "refsource": "MISC",
+ "name": "https://github.com/openSUSE/libsolv/issues/425"
+ },
+ {
+ "url": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940",
+ "refsource": "MISC",
+ "name": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1940"
+ },
+ {
+ "url": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995",
+ "refsource": "MISC",
+ "name": "https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/resolve_dependencies-1995"
 }
 ]
 }
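Review bot: The `affects` and `problemtype` blocks added to CVE-2021-44568.json are all `"n/a"` even though the description on the same record names the product (openSUSE/libsolv) and the weakness class (heap overflow), so the entry cannot be found by product or by CWE. The affected range is also given only as a date ("through 13 Dec 2020") inside the description. I would fill in `"product_name": "libsolv"` and `"value": "CWE-122 Heap-based Buffer Overflow"`, and record a version or commit bound if the referenced upstream issue provides one.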
diff --git a/2021/45xxx/CVE-2021-45092.json b/2021/45xxx/CVE-2021-45092.json
index c17f20910ee..e33c70aa653 100644
--- a/2021/45xxx/CVE-2021-45092.json
+++ b/2021/45xxx/CVE-2021-45092.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/cybelesoft/virtualui/issues/2",
 "refsource": "MISC",
 "name": "https://github.com/cybelesoft/virtualui/issues/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html",
+ "url": "http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html"
 }
 ]
 }
diff --git a/2021/46xxx/CVE-2021-46354.json b/2021/46xxx/CVE-2021-46354.json
index 7790219e4bf..c681048b6a6 100644
--- a/2021/46xxx/CVE-2021-46354.json
+++ b/2021/46xxx/CVE-2021-46354.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/cybelesoft/virtualui/issues/3",
 "url": "https://github.com/cybelesoft/virtualui/issues/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html"
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0290.json b/2022/0xxx/CVE-2022-0290.json
index 8b499ab34d0..383700b77cd 100644
--- a/2022/0xxx/CVE-2022-0290.json
+++ b/2022/0xxx/CVE-2022-0290.json
@@ -54,6 +54,11 @@
 "url": "https://crbug.com/1260134",
 "refsource": "MISC",
 "name": "https://crbug.com/1260134"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html",
+ "url": "http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0557.json b/2022/0xxx/CVE-2022-0557.json
index 4d09fa57c2a..dcfbc36265d 100644
--- a/2022/0xxx/CVE-2022-0557.json
+++ b/2022/0xxx/CVE-2022-0557.json
@@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0557", - "STATE": "PUBLIC", - "TITLE": "OS Command Injection in microweber/microweber" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "microweber/microweber", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.2.11" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0557", + "STATE": "PUBLIC", + "TITLE": "OS Command Injection in microweber/microweber" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.11" + } + ] + } + } + ] + }, + "vendor_name": "microweber" } - } ] - }, - "vendor_name": "microweber" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OS Command Injection in Packagist microweber/microweber prior to 1.2.11." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8" - }, - { - "name": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632", - "refsource": "MISC", - "url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632" - } - ] - }, - "source": { - "advisory": "660c89af-2de5-41bc-aada-9e4e78142db8", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8" + }, + { + "name": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html" + } + ] + }, + "source": { + "advisory": "660c89af-2de5-41bc-aada-9e4e78142db8", + "discovery": "EXTERNAL" + } } \ No newline at end of 
file diff --git a/2022/0xxx/CVE-2022-0708.json b/2022/0xxx/CVE-2022-0708.json index eb9d5497f05..ebaee54f623 100644 --- a/2022/0xxx/CVE-2022-0708.json +++ b/2022/0xxx/CVE-2022-0708.json 
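Review bot: The Packet Storm reference added to CVE-2022-0557.json is titled `Microweber-1.2.11-Shell-Upload`, while the record's `version_data` (`"version_affected": "<"`, `"version_value": "1.2.11"`) and description say only versions prior to 1.2.11 are affected. If that write-up applies to 1.2.11 itself, the affected range here is understated and users on 1.2.11 would read the record as saying they are patched; if it covers a different issue, the reference does not belong on this CVE, so I would confirm which applies before publishing it. Separately, the hunk rewrites every line of the file and turns non-ASCII characters into `\u` escapes in order to add one reference object, which makes the actual content change hard to audit; the CVE-2021-25076 hunk has the same shape.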
@@ -1,18 +1,102 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "responsibledisclosure@mattermost.com",
 "ID": "CVE-2022-0708",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Team Creator's Email Address is disclosed to Team Members via one of the APIs"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mattermost",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "6.3.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "6.2.2"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "6.1.2"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "5.37.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mattermost "
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure."
}
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://mattermost.com/security-updates/",
+ "name": "https://mattermost.com/security-updates/"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "MMSA-2022-0082",
+ "defect": [
+ "https://mattermost.atlassian.net/browse/MM-40177"
+ ],
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0711.json b/2022/0xxx/CVE-2022-0711.json
new file mode 100644
index 00000000000..4c3beeb2608
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0711.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0711",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0712.json b/2022/0xxx/CVE-2022-0712.json
new file mode 100644
index 00000000000..fe1f96fb6c8
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0712.json
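Review bot: `"vendor_name": "Mattermost "` in CVE-2022-0708.json ends with a trailing space, so exact-match lookups on the vendor string will miss this record; it should be `"vendor_name": "Mattermost"`. The `version_data` list also mixes `"<="` 6.3.0 with three `"!>="` entries (6.2.2, 6.1.2, 5.37.7); consumers that do not interpret the negated operator may report the patched maintenance branches as affected, so naming those fixed releases in the description as well would help.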
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0712",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/23xxx/CVE-2022-23983.json b/2022/23xxx/CVE-2022-23983.json
index 6d2e388f1d1..afa5196bf2b 100644
--- a/2022/23xxx/CVE-2022-23983.json
+++ b/2022/23xxx/CVE-2022-23983.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-02-16T08:04:00.000Z",
 "ID": "CVE-2022-23983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Content Copy Protection & No Right Click (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 3.4.4",
+ "version_value": "3.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WP-buy"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Red Team)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4)."
}
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/wp-content-copy-protector/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/wp-content-copy-protector/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 3.4.4 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/23xxx/CVE-2022-23984.json b/2022/23xxx/CVE-2022-23984.json
index f2046de4a38..d3b615e6cbc 100644
--- a/2022/23xxx/CVE-2022-23984.json
+++ b/2022/23xxx/CVE-2022-23984.json
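Review bot: The `solution` added to CVE-2022-23983.json reads `"Update to 3.4.4 or higher version."`, but `version_data` and the title on the same record mark 3.4.4 itself as affected (`"version_affected": "<="`, `"version_value": "3.4.4"`). A site owner following the stated remediation would stay on a vulnerable release. One of the two is wrong; the solution should name the first fixed release, e.g. `"value": "Update to <FIXED_VERSION> or higher version."` with the placeholder filled in from the vendor changelog.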
@@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-02-10T08:34:00.000Z", "ID": "CVE-2022-23984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Comments \u2013 wpDiscuz (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 7.3.11", + "version_value": "7.3.11" + } + ] + } + } + ] + }, + "vendor_name": "gVectors Team" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Red Team)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11)." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wpdiscuz/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wpdiscuz/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 7.3.12 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24295.json b/2022/24xxx/CVE-2022-24295.json index 2e8a5a0cc6c..04f022caafc 100644 --- a/2022/24xxx/CVE-2022-24295.json +++ b/2022/24xxx/CVE-2022-24295.json 
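Review bot: The new `description` value says only that sensitive information disclosure was "discovered" in the plugin; it does not name what data is exposed, which plugin feature exposes it, or what condition justifies `"attackComplexity": "HIGH"` in the CVSS block. Defenders cannot tell from the record whether the exposure matters for their deployment or what to look for in logs. I would expand the sentence along the lines of `"value": "<what information> is exposed to unauthenticated users via <affected feature> in wpDiscuz WordPress plugin (versions <= 7.3.11)."`, with the placeholders filled in from the Patchstack advisory already listed in `reference_data`.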
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-24295", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@okta.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Okta", + "product": { + "product_data": [ + { + "product_name": "Okta Advanced Server Access Client", + "version": { + "version_data": [ + { + "version_value": "Prior to version 1.57.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295", + "refsource": "MISC", + "name": "https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL." } ] } diff --git a/2022/25xxx/CVE-2022-25241.json b/2022/25xxx/CVE-2022-25241.json index 56d2e4f999e..4592ca7a962 100644 --- a/2022/25xxx/CVE-2022-25241.json +++ b/2022/25xxx/CVE-2022-25241.json 
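Review bot: `version_value` is the free-text string `"Prior to version 1.57.0"`, which version-matching tools cannot compare. The Patchstack records in this commit use a comparator plus a bare version, and the same form fits here: `"version_affected": "<", "version_value": "1.57.0"`. The `problemtype` value `"Code Execution"` names an impact rather than a weakness, while the description states command injection via a crafted URL; a CWE label such as `CWE-77` (or `CWE-78` if OS commands are involved, which the record does not say) would make the entry filterable by weakness class. The description also limits the issue to the Windows client, which `product_name` does not reflect. The record's opening lines lie outside this hunk.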
@@ -61,6 +61,11 @@ "url": "https://www.filecloud.com/supportdocs/display/cloud/Advisory+2022-01-3+Threat+of+CSRF+via+User+Creation", "refsource": "MISC", "name": "https://www.filecloud.com/supportdocs/display/cloud/Advisory+2022-01-3+Threat+of+CSRF+via+User+Creation" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166074/FileCloud-21.2-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/166074/FileCloud-21.2-Cross-Site-Request-Forgery.html" } ] } diff --git a/2022/25xxx/CVE-2022-25599.json b/2022/25xxx/CVE-2022-25599.json index 87098b5c724..4864b59713d 100644 --- a/2022/25xxx/CVE-2022-25599.json +++ b/2022/25xxx/CVE-2022-25599.json 
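Review bot: The added reference uses the `http://` scheme in both `name` and `url`, so anyone following the link from the record fetches the third-party write-up over a channel that can be modified in transit. If the host serves the same path over TLS (likely, but worth confirming before the change), both fields should read `https://packetstormsecurity.com/files/166074/FileCloud-21.2-Cross-Site-Request-Forgery.html`. The surrounding `reference_data` array begins outside this hunk.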
@@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-02-10T15:58:00.000Z", "ID": "CVE-2022-25599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spiffy Calendar (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 4.9.0", + "version_value": "4.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Spiffy Plugins" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Red Team project)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0)." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/spiffy-calendar/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/spiffy-calendar/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 4.9.1 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file
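Review bot: `"version_name": "<= 4.9.0"` repeats the comparator that `"version_affected": "<="` already carries, so a consumer that renders name, comparator and value together shows the bound twice, and one that matches on `version_name` gets a string that is not a version. The same pattern appears in the CVE-2022-23983 (`"<= 3.4.4"`) and CVE-2022-23984 (`"<= 7.3.11"`) hunks of this commit. I would keep the operator in `version_affected` only and use a plain label, for example `"version_name": "4.9.0"`, or drop `version_name` where it adds nothing beyond `version_value`.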