diff --git a/2022/1xxx/CVE-2022-1059.json b/2022/1xxx/CVE-2022-1059.json
index 990ce370b72..a931f6b59e9 100644
--- a/2022/1xxx/CVE-2022-1059.json
+++ b/2022/1xxx/CVE-2022-1059.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-04-12T15:20:00.000Z",
 "ID": "CVE-2022-1059",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "CROSS-SITE SCRIPTING CWE-79"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TUG Home Base Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Aethon"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The \u201cLoad\u201d tab of the Fleet Management Console is vulnerable to reflected cross-site scripting attacks."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1066.json b/2022/1xxx/CVE-2022-1066.json
index 705d8b0b214..1a1bb2426d7 100644
--- a/2022/1xxx/CVE-2022-1066.json
+++ b/2022/1xxx/CVE-2022-1066.json
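Review bot: The added `description` value for CVE-2022-1059 talks about access to hashed user credentials, while the record's TITLE is `CROSS-SITE SCRIPTING CWE-79` and its `problemtype` text describes reflected XSS in the "Load" tab. The same credential sentence is repeated verbatim in the hunks for CVE-2022-1066, CVE-2022-1070 and CVE-2022-27494 and only fits CVE-2022-26423, so anyone triaging on `description` sees five identical findings. Each record's `description` should carry its own issue text (currently placed in `problemtype`), and `problemtype` should name the weakness from TITLE, e.g. `"value": "CROSS-SITE SCRIPTING CWE-79"`; the sentence also has the typo `un unauthenticated`. All five records carry the same 8.2 vector with C:L/I:H, which looks copied as well and is worth checking against the referenced advisory.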
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-04-12T15:20:00.000Z",
 "ID": "CVE-2022-1066",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "MISSING AUTHORIZATION CWE-862"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TUG Home Base Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Aethon"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An unauthenticated attacker can arbitrarily add new users with administrative privileges and delete or modify existing users."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1070.json b/2022/1xxx/CVE-2022-1070.json
index c2e3e73e60c..b629967ad0e 100644
--- a/2022/1xxx/CVE-2022-1070.json
+++ b/2022/1xxx/CVE-2022-1070.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-04-12T15:20:00.000Z",
 "ID": "CVE-2022-1070",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TUG Home Base Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Aethon"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An unauthenticated attacker can connect to the TUG Home Base Server websocket to take control of TUG robots."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26423.json b/2022/26xxx/CVE-2022-26423.json
index 31aafc525f5..f7ab33e2451 100644
--- a/2022/26xxx/CVE-2022-26423.json
+++ b/2022/26xxx/CVE-2022-26423.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-04-12T15:20:00.000Z",
 "ID": "CVE-2022-26423",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "MISSING AUTHORIZATION CWE-862"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TUG Home Base Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Aethon"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An unauthenticated attacker can freely access hashed user credentials."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/27xxx/CVE-2022-27494.json b/2022/27xxx/CVE-2022-27494.json
index 2ee7c0f1345..9986701402f 100644
--- a/2022/27xxx/CVE-2022-27494.json
+++ b/2022/27xxx/CVE-2022-27494.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-04-12T15:20:00.000Z",
 "ID": "CVE-2022-27494",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "CROSS-SITE SCRIPTING CWE-79"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TUG Home Base Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "24"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Aethon"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The \u201cReports\u201d tab of the Fleet Management Console is vulnerable to stored cross-site scripting attacks when new reports are created or edited."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-05"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38104.json b/2022/38xxx/CVE-2022-38104.json
index f7d4e2bb1b7..6b4b7dc7aec 100644
--- a/2022/38xxx/CVE-2022-38104.json
+++ b/2022/38xxx/CVE-2022-38104.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-29T20:28:00.000Z",
 "ID": "CVE-2022-38104",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Accordions plugin <= 2.0.3 - Auth. WordPress Options Change vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accordions \u2013 Multiple Accordions or FAQs Builder (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.3",
+ "version_value": "2.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Biplob Adhikari"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Vlad Vector (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions \u2013 Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/accordions-or-faqs/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/accordions-or-faqs/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-3-authenticated-wordpress-options-change-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/accordions-or-faqs/wordpress-accordions-plugin-2-0-3-authenticated-wordpress-options-change-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.1.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3570.json b/2022/3xxx/CVE-2022-3570.json
index d7405da1726..485cba443f3 100644
--- a/2022/3xxx/CVE-2022-3570.json
+++ b/2022/3xxx/CVE-2022-3570.json
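Review bot: The added `description` value opens a parenthesis at `(versions <= 2.0.3` and never closes it; it should read `(versions <= 2.0.3) on WordPress.` The text states the access requirement only as `Auth.`, while the CVSS vector sets `PR:H`, so naming the required role in the description would keep the two fields in step. `CWE-264` is a CWE category rather than a specific weakness, so consumers that map on CWE get little from it; which specific entry applies cannot be determined from this hunk.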
@@ -4,15 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3570",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=3.9.0, <=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/381",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/381",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/386",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/386",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "shahchintanh@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3597.json b/2022/3xxx/CVE-2022-3597.json
index 0d15a0c56b1..6f50fc896f5 100644
--- a/2022/3xxx/CVE-2022-3597.json
+++ b/2022/3xxx/CVE-2022-3597.json
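Review bot: `vectorString` in the added `impact.cvss` block is `AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H` without the `CVSS:3.1/` prefix, although `version` is `3.1` and the Aethon and Patchstack records in this commit carry the prefix; a parser that validates the vector against the CVSS 3.1 format may reject or skip the score. The same omission appears in the hunks for CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626 and CVE-2022-3627. Proposed: `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"`. Separately, `version_value` gives `>=3.9.0, <=4.4.0` while the description names only Version 4.4.0, so one of the two probably needs aligning before the range is used for exposure matching.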
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3597",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/413",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/413",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "wangdw.augustus@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3598.json b/2022/3xxx/CVE-2022-3598.json
index 34419c9f9fa..1fa09083651 100644
--- a/2022/3xxx/CVE-2022-3598.json
+++ b/2022/3xxx/CVE-2022-3598.json
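Review bot: `baseScore` 5.4 does not agree with the vector `AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` next to it; by the CVSS 3.1 base formula that vector rounds up to 5.5, and the same 5.4 sits beside the same vector in the hunks for CVE-2022-3598, CVE-2022-3599, CVE-2022-3626 and CVE-2022-3627. Proposed: `"baseScore": 5.5`. In addition, `problemtype` says `Out-of-bounds read in libtiff` while the description reports an out-of-bounds write in `_TIFFmemcpy`; CVE-2022-3598 and CVE-2022-3627 show the same read/write mismatch. Tooling that prioritises on weakness class would rate a memory write as a read, so the two fields should agree, e.g. `"value": "Out-of-bounds write in libtiff"` as CVE-2022-3626 already has it.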
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3598",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/435",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/435",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "wangdw.augustus@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3599.json b/2022/3xxx/CVE-2022-3599.json
index 3508a02ca10..930c144fdda 100644
--- a/2022/3xxx/CVE-2022-3599.json
+++ b/2022/3xxx/CVE-2022-3599.json
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3599",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/398",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/398",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "wangdw.augustus@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3626.json b/2022/3xxx/CVE-2022-3626.json
index 0ba22626489..961be131af9 100644
--- a/2022/3xxx/CVE-2022-3626.json
+++ b/2022/3xxx/CVE-2022-3626.json
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3626",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds write in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/426",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/426",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "wangdw.augustus@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3627.json b/2022/3xxx/CVE-2022-3627.json
index 15751587547..40556deb7d8 100644
--- a/2022/3xxx/CVE-2022-3627.json
+++ b/2022/3xxx/CVE-2022-3627.json
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3627",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=4.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/411",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/411",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "wangdw.augustus@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40311.json b/2022/40xxx/CVE-2022-40311.json
index 11ab043ac69..d5f2e672810 100644
--- a/2022/40xxx/CVE-2022-40311.json
+++ b/2022/40xxx/CVE-2022-40311.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-29T20:53:00.000Z",
 "ID": "CVE-2022-40311",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Analytics Cat \u2013 Google Analytics Made Easy (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.0.9",
+ "version_value": "1.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Fatcat Apps"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Vlad Vector (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/analytics-cat/wordpress-analytics-cat-plugin-1-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/analytics-cat/wordpress-analytics-cat-plugin-1-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ },
+ {
+ "name": "https://wordpress.org/plugins/analytics-cat/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/analytics-cat/#developers"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 1.1.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41309.json b/2022/41xxx/CVE-2022-41309.json
index 0b078d4c691..5591b9df68a 100644
--- a/2022/41xxx/CVE-2022-41309.json
+++ b/2022/41xxx/CVE-2022-41309.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41310.json b/2022/41xxx/CVE-2022-41310.json index 1fc7874e2f8..c18304106d2 100644 --- a/2022/41xxx/CVE-2022-41310.json +++ b/2022/41xxx/CVE-2022-41310.json 
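Review bot: The new `problemtype` value `Memory corruption Read` disagrees with the new description, which says the corruption happens "by write access violation". Both fields should carry whichever the Autodesk advisory supports, for example `"value": "Memory corruption Write"` if the description is the accurate one. The same mismatch is in the hunks for CVE-2022-41310 and CVE-2022-42933 through CVE-2022-42937. Consumers that triage on `problemtype` would file these as a read issue and likely under-prioritise them.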
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41638.json b/2022/41xxx/CVE-2022-41638.json index c527f7bda89..20fb78d6573 100644 --- a/2022/41xxx/CVE-2022-41638.json +++ b/2022/41xxx/CVE-2022-41638.json 
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-09-26T21:07:00.000Z", "ID": "CVE-2022-41638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pop-Up Chop Chop (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.1.7", + "version_value": "2.1.7" + } + ] + } + } + ] + }, + "vendor_name": "Chop-Chop" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/pop-up/wordpress-pop-up-chop-chop-plugin-2-1-7-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/pop-up/wordpress-pop-up-chop-chop-plugin-2-1-7-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + }, + { + "name": "https://wordpress.org/plugins/pop-up/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/pop-up/" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42933.json b/2022/42xxx/CVE-2022-42933.json index 25d100a687d..45187de30a2 100644 --- a/2022/42xxx/CVE-2022-42933.json +++ b/2022/42xxx/CVE-2022-42933.json 
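Review bot: The description says only `Auth.` while the vector asserts `PR:L`, so a reader cannot tell which WordPress role is enough to store the script. The Analytics Cat record in this diff spells its role out as `(admin+)`. Naming the lowest affected role in the `value` text, in the same parenthesised form, would make the PR metric checkable. The record also has no `solution` entry, unlike CVE-2022-40311, so it does not say whether a fixed release exists. If none does, saying so explicitly helps operators choose between removal and a compensating control.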
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42934.json b/2022/42xxx/CVE-2022-42934.json index 3c0c374f748..30970325376 100644 --- a/2022/42xxx/CVE-2022-42934.json +++ b/2022/42xxx/CVE-2022-42934.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42935.json b/2022/42xxx/CVE-2022-42935.json index c2e3f491a14..8e2f9227955 100644 --- a/2022/42xxx/CVE-2022-42935.json +++ b/2022/42xxx/CVE-2022-42935.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42936.json b/2022/42xxx/CVE-2022-42936.json index d292cde07e9..7ba80a93391 100644 --- a/2022/42xxx/CVE-2022-42936.json +++ b/2022/42xxx/CVE-2022-42936.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42937.json b/2022/42xxx/CVE-2022-42937.json index 57531a4ebfe..b8e880543bf 100644 --- a/2022/42xxx/CVE-2022-42937.json +++ b/2022/42xxx/CVE-2022-42937.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42938.json b/2022/42xxx/CVE-2022-42938.json index 28023de65a7..8f007679fbb 100644 --- a/2022/42xxx/CVE-2022-42938.json +++ b/2022/42xxx/CVE-2022-42938.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42939.json b/2022/42xxx/CVE-2022-42939.json index 39119bf44d3..bf2bf4df43c 100644 --- a/2022/42xxx/CVE-2022-42939.json +++ b/2022/42xxx/CVE-2022-42939.json 
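Review bot: `"vendor_name": "n/a"` sits next to `"product_name": "Autodesk Design Review"`, so vendor-keyed matching will not tie this record to Autodesk; `"vendor_name": "Autodesk"` would. The single `version_value` string `"2018,\u00a02017,\u00a02013, 2012, 2011"` packs five releases into one field and mixes non-breaking with ordinary spaces, so exact-match version lookups against an asset inventory are likely to miss. One `version_data` object per release avoids that. Both points apply to every Autodesk Design Review hunk in this diff, from CVE-2022-41309 onward.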
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42940.json b/2022/42xxx/CVE-2022-42940.json index d056bfe5b13..d72b450f45c 100644 --- a/2022/42xxx/CVE-2022-42940.json +++ b/2022/42xxx/CVE-2022-42940.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42941.json b/2022/42xxx/CVE-2022-42941.json index cd311aab8ee..d6b098278aa 100644 --- a/2022/42xxx/CVE-2022-42941.json +++ b/2022/42xxx/CVE-2022-42941.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42942.json b/2022/42xxx/CVE-2022-42942.json index 3b1cc75aa5e..24d8d3fcb45 100644 --- a/2022/42xxx/CVE-2022-42942.json +++ b/2022/42xxx/CVE-2022-42942.json 
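Review bot: The description writes the file type as `dwf` without the leading dot, while the earlier Design Review records in this diff write `.dwf`; `.dwf or .pct` would keep the wording consistent for anyone searching by extension. The problemtype here is the generic `Memory corruption vulnerability` although the description specifies a read access violation. It also carries no CWE identifier, unlike the Patchstack records in this diff (`CWE-79 Cross-site Scripting (XSS)`). A CWE-prefixed value taken from the vendor advisory would let consumers classify CVE-2022-42941 through CVE-2022-42944 automatically.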
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42943.json b/2022/42xxx/CVE-2022-42943.json index 8ce0c2fedf6..49f28f60ed8 100644 --- a/2022/42xxx/CVE-2022-42943.json +++ b/2022/42xxx/CVE-2022-42943.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42944.json b/2022/42xxx/CVE-2022-42944.json index 8375e218993..38b7eea5f73 100644 --- a/2022/42xxx/CVE-2022-42944.json +++ b/2022/42xxx/CVE-2022-42944.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Design Review", + "version": { + "version_data": [ + { + "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] }