diff --git a/2021/20xxx/CVE-2021-20077.json b/2021/20xxx/CVE-2021-20077.json
index e4c3bf4fded..01a4f3b9cae 100644
--- a/2021/20xxx/CVE-2021-20077.json
+++ b/2021/20xxx/CVE-2021-20077.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Tenable Nessus",
+ "product_name": "Tenable Nessus Agent",
 "version": {
 "version_data": [
 {
- "version_value": "8.13.2 and earlier"
+ "version_value": "7.2.0 through 8.2.2"
 }
 ]
 }
@@ -65,7 +65,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host."
+ "value": "Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token."
 }
 ]
 }
diff --git a/2022/2xxx/CVE-2022-2937.json b/2022/2xxx/CVE-2022-2937.json
index bbd734187a0..d74255d7d0d 100644
--- a/2022/2xxx/CVE-2022-2937.json
+++ b/2022/2xxx/CVE-2022-2937.json
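Review bot: The `problemtype` and `references` entries of CVE-2021-20077 sit outside both hunks (file lines 26 to 64 are not shown), so nothing here confirms they were updated to match the rewritten record. The product, version range and description now describe IAM role token capture by Nessus Agent on EC2, where the old text described a privilege escalation through file upload in Nessus, so a leftover weakness type or advisory link would point at the wrong issue. Anyone who triaged this ID against Nessus 8.13.2 needs to re-assess against Nessus Agent 7.2.0 through 8.2.2. `"version_value": "7.2.0 through 8.2.2"` is free text, so automated matching has to parse the range out of the string.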
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
 "ID": "CVE-2022-2937",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Image Hover Effects Ultimate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "9.7.3",
+ "version_value": "9.7.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "biplob018"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Zhouyuan Yang"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail=",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2669411%40image-hover-effects-ultimate&new=2669411%40image-hover-effects-ultimate&sfp_email=&sfph_mail="
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2937",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2937"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30121.json b/2022/30xxx/CVE-2022-30121.json
index bdc9edab705..52ead051f40 100644
--- a/2022/30xxx/CVE-2022-30121.json
+++ b/2022/30xxx/CVE-2022-30121.json
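Review bot: The first `reference_data` entry links a Trac changeset query whose `old` and `new` parameters are both `2669411` and which carries the empty form fields `sfp_email=&sfph_mail=` twice, so it may not display the fixing change; confirm the link resolves to the patch and drop the empty fields. The same pattern appears in CVE-2022-3144 later in this commit, with `2780937` on both sides. This record also has no `solution` entry naming the first fixed version, although CVE-2022-3144 from the same assigner includes one, so a reader learns that 9.7.3 and below are affected but not which release to move to.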
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-30121",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ivanti Endpoint Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.0.1.951"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US",
+ "url": "https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The \u201cLANDesk(R) Management Agent\u201d service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system."
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35252.json b/2022/35xxx/CVE-2022-35252.json
index 54942848033..71d6ed2d3c7 100644
--- a/2022/35xxx/CVE-2022-35252.json
+++ b/2022/35xxx/CVE-2022-35252.json
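Review bot: `"version_value": "11.0.1.951"` carries no `version_affected` operator, so the record does not say whether only that build or every build up to it is affected; other records in this commit use `"version_affected": "<="` for that purpose. `"vendor_name": "n/a"` is set although the product is named as Ivanti Endpoint Manager, which defeats vendor-based matching; the three HackerOne-assigned records that follow (CVE-2022-35252, -35253, -35257) have the same `n/a` vendor. `problemtype` cites an attack pattern (CAPEC-233) rather than a weakness, so CWE-based filtering has nothing to key on. The hunk starts at file line 4, so the top of the record is outside this view.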
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-35252",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/curl/curl",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in curl 7.85.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1613943",
+ "url": "https://hackerone.com/reports/1613943"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35253.json b/2022/35xxx/CVE-2022-35253.json
index 7af6dad8024..fea8fdc2ea4 100644
--- a/2022/35xxx/CVE-2022-35253.json
+++ b/2022/35xxx/CVE-2022-35253.json
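Review bot: The added description has words fused where line breaks were apparently dropped: `itaccepts`, `HTTPserver` and `a\"sister site\"` should read `it accepts`, `HTTP server` and `a \"sister site\"`. The affected-product fields hold a fix statement rather than an affected range: `"version_value": "Fixed in curl 7.85.0"` sits in `version_data`, and `product_name` is the repository URL instead of `curl`. If every release before the fix is affected, `"version_affected": "<"` with `"version_value": "7.85.0"` would state that in a form scanners can match; the record itself does not show the lower bound.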
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-35253",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hyperledger Fabric",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in v2.4, v2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hyperledger/fabric/pull/3572",
+ "url": "https://github.com/hyperledger/fabric/pull/3572"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hyperledger/fabric/pull/3576",
+ "url": "https://github.com/hyperledger/fabric/pull/3576"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hyperledger/fabric/pull/3577",
+ "url": "https://github.com/hyperledger/fabric/pull/3577"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack."
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35257.json b/2022/35xxx/CVE-2022-35257.json
index 06fda3f6fb6..16208ae9db2 100644
--- a/2022/35xxx/CVE-2022-35257.json
+++ b/2022/35xxx/CVE-2022-35257.json
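Review bot: The description and the version field disagree on scope: the text says `Hyperledger Fabric <2.4` while `"version_value": "fixed in v2.4, v2.5"` names two fixed lines, which leaves open whether early 2.4 releases are affected. Neither field gives an exact patched release number, so an operator cannot tell from the record which build to deploy and has to read the three linked pull requests. The description also needs a relative pronoun to parse, `A vulnerability exists in Hyperledger Fabric <2.4 that could allow ...`.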
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-35257",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UI Desktop for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in Version 0.55.3.17 and later"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed",
+ "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM."
 }
 ]
 }
diff --git a/2022/36xxx/CVE-2022-36798.json b/2022/36xxx/CVE-2022-36798.json
index 1580af7b5d5..aa84a753a4c 100644
--- a/2022/36xxx/CVE-2022-36798.json
+++ b/2022/36xxx/CVE-2022-36798.json
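Review bot: The record leaves a gap between its two version statements: the description marks `Version 0.55.1.2 and earlier` as affected, while `version_value` says `Fixed in Version 0.55.3.17 and later`, so the status of any build between those two is not stated. The `version_data` entry also holds the fixed version rather than the affected one, which a consumer reading the field literally would take as the vulnerable release. Putting the affected bound there, for example `"version_affected": "<="` with `"version_value": "0.55.1.2"`, and moving the fix text elsewhere in the record would remove the ambiguity.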
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-02T20:41:00.000Z",
 "ID": "CVE-2022-36798",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mega Addons For WPBakery Page Builder (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 4.2.7",
+ "version_value": "4.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Topdigitaltrends"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/mega-addons-for-visual-composer/wordpress-mega-addons-for-wpbakery-page-builder-plugin-4-2-7-cross-site-request-forgery-csrf-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/mega-addons-for-visual-composer/wordpress-mega-addons-for-wpbakery-page-builder-plugin-4-2-7-cross-site-request-forgery-csrf-vulnerability"
+ },
+ {
+ "name": "https://wordpress.org/plugins/mega-addons-for-visual-composer/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/mega-addons-for-visual-composer/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/37xxx/CVE-2022-37330.json b/2022/37xxx/CVE-2022-37330.json
index 39e69bfaae2..0eb1447a4cf 100644
--- a/2022/37xxx/CVE-2022-37330.json
+++ b/2022/37xxx/CVE-2022-37330.json
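Review bot: This record has no `solution` entry and names no fixed release, although CVE-2022-38095 and CVE-2022-38703 from the same assigner in this commit include one; the same gap is in CVE-2022-37330, -37338 and -37339. The description also only restates the weakness class for `<= 4.2.7` without saying which plugin action a forged request can trigger, so the integrity and availability impact in the CVSS vector cannot be checked against the text. `"version_name": "<= 4.2.7"` repeats the operator already given in `"version_affected": "<="`, which is redundant and, if a consumer concatenates the fields, misleading.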
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-01T19:26:00.000Z",
 "ID": "CVE-2022-37330",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WHA Crossword (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.1.10",
+ "version_value": "1.1.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WHA"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/wha-crossword/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/wha-crossword/"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/wha-crossword/wordpress-wha-crossword-plugin-1-1-10-authenticated-stored-cross-site-scripting-xss-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/wha-crossword/wordpress-wha-crossword-plugin-1-1-10-authenticated-stored-cross-site-scripting-xss-vulnerability"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/37xxx/CVE-2022-37338.json b/2022/37xxx/CVE-2022-37338.json
index 6846d739145..1eecbfcc9d8 100644
--- a/2022/37xxx/CVE-2022-37338.json
+++ b/2022/37xxx/CVE-2022-37338.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-01T19:39:00.000Z",
 "ID": "CVE-2022-37338",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Blossom Recipe Maker (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.0.7",
+ "version_value": "1.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Blossomthemes"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/blossom-recipe-maker/wordpress-blossom-recipe-maker-plugin-1-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/blossom-recipe-maker/wordpress-blossom-recipe-maker-plugin-1-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities"
+ },
+ {
+ "name": "https://wordpress.org/plugins/blossom-recipe-maker/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/blossom-recipe-maker/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/37xxx/CVE-2022-37339.json b/2022/37xxx/CVE-2022-37339.json
index ad9dc28ab5d..af0c652b3ae 100644
--- a/2022/37xxx/CVE-2022-37339.json
+++ b/2022/37xxx/CVE-2022-37339.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-02T20:06:00.000Z",
 "ID": "CVE-2022-37339",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Meet My Team (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.5",
+ "version_value": "2.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Fullworks"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/meet-my-team/wordpress-meet-my-team-plugin-2-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/meet-my-team/wordpress-meet-my-team-plugin-2-0-5-authenticated-stored-cross-site-scripting-xss-vulnerability"
+ },
+ {
+ "name": "https://wordpress.org/plugins/meet-my-team/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/meet-my-team/#developers"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38095.json b/2022/38xxx/CVE-2022-38095.json
index d5aab8a5384..5cd6f0da61d 100644
--- a/2022/38xxx/CVE-2022-38095.json
+++ b/2022/38xxx/CVE-2022-38095.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-14T20:49:00.000Z",
 "ID": "CVE-2022-38095",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advanced Dynamic Pricing for WooCommerce (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 4.1.3",
+ "version_value": "4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "AlgolPlus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability"
+ },
+ {
+ "name": "https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/#developers"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 4.1.4 or a higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38703.json b/2022/38xxx/CVE-2022-38703.json
index 956bdaf868d..d6738684d93 100644
--- a/2022/38xxx/CVE-2022-38703.json
+++ b/2022/38xxx/CVE-2022-38703.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-08-01T22:41:00.000Z",
 "ID": "CVE-2022-38703",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WordPress Button Plugin MaxButtons (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 9.2",
+ "version_value": "9.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Max Foundry"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.4,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/maxbuttons/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/maxbuttons/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-2-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-2-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 9.3 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3144.json b/2022/3xxx/CVE-2022-3144.json
index 04170d530e6..12348bb9035 100644
--- a/2022/3xxx/CVE-2022-3144.json
+++ b/2022/3xxx/CVE-2022-3144.json
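Review bot: The second `reference_data` URL ends in `/_s_id=cve`, which looks like a tracking query parameter fused into the path (`?_s_id=cve` with the `?` lost); no other Patchstack reference in this commit carries that suffix, so the link may not resolve as written. Dropping the suffix from both `name` and `url` would bring it in line with the sibling records. The description string also lacks its closing period, unlike the other Patchstack descriptions here.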
@@ -1,18 +1,110 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
 "ID": "CVE-2022-3144",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Wordfence Security \u2013 Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wordfence Security \u2013 Firewall & Malware Scan",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.6.0",
+ "version_value": "7.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Wordfence Security"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ori Gabriel"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Wordfence Security \u2013 Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wordpress.org/plugins/wordfence/#developers",
+ "name": "https://wordpress.org/plugins/wordfence/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2780937%40wordfence&new=2780937%40wordfence&sfp_email=&sfph_mail=",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2780937%40wordfence&new=2780937%40wordfence&sfp_email=&sfph_mail="
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-3144",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-3144"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to version 7.6.1, or newer. "
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40091.json b/2022/40xxx/CVE-2022-40091.json
index 8e3bf12bfa5..761a2b1a9f9 100644
--- a/2022/40xxx/CVE-2022-40091.json
+++ b/2022/40xxx/CVE-2022-40091.json
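Review bot: The `solution` string ends with a stray space, `"Update to version 7.6.1, or newer. "`, which breaks exact-match comparison and de-duplication of remediation text across feeds. Trimming it to `"Update to version 7.6.1, or newer."` fixes that without changing the meaning.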
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40091",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40091",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-1.md",
+ "url": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-1.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40092.json b/2022/40xxx/CVE-2022-40092.json
index 1d8a1cfab41..e8e1367c20a 100644
--- a/2022/40xxx/CVE-2022-40092.json
+++ b/2022/40xxx/CVE-2022-40092.json
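Review bot: CVE-2022-40091 is published with `"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"` and a problemtype of `"n/a"`, although the description names the product, the version and the weakness class, so tooling that matches on the structured fields will not tie this record to an installed product or a CWE. I would carry the description into the fields: `"product_name": "Online Tours & Travels Management System"`, `"version_value": "1.0"` and a problemtype value of `"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. The same applies to the CVE-2022-40092 and CVE-2022-40093 hunks and to the Tenda hunks (CVE-2022-40853, -40860, -40862, -40864, -40865, -40869), where the descriptions name the AC15/AC18 model, firmware V15.03.05.19 and a stack or heap overflow while every structured field stays `n/a`.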
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40092",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40092",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md",
+ "url": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40093.json b/2022/40xxx/CVE-2022-40093.json
index 7831d471379..9df71f9b481 100644
--- a/2022/40xxx/CVE-2022-40093.json
+++ b/2022/40xxx/CVE-2022-40093.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40093",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40093",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-3.md",
+ "url": "https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-3.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40213.json b/2022/40xxx/CVE-2022-40213.json
index e29fc904b88..4f82248fa35 100644
--- a/2022/40xxx/CVE-2022-40213.json
+++ b/2022/40xxx/CVE-2022-40213.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-09-14T22:29:00.000Z",
 "ID": "CVE-2022-40213",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GS Testimonial Slider (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.9.6",
+ "version_value": "1.9.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "GS Plugins"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/gs-testimonial/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/gs-testimonial/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 1.9.7 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40853.json b/2022/40xxx/CVE-2022-40853.json
index 9beebab7c86..094da85214f 100644
--- a/2022/40xxx/CVE-2022-40853.json
+++ b/2022/40xxx/CVE-2022-40853.json
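Review bot: In the CVE-2022-40213 record, `version_name` is `"<= 1.9.6"` while `version_affected` already holds `"<="`, so the operator is stored twice. A consumer that joins the fields, or compares `version_name` as a version string, gets a malformed range. The Wordfence record in this same commit uses a bare `"version_name": "7.6.0"`, and I would write `"version_name": "1.9.6"` here to match. Separately, the Patchstack reference ends in `/_s_id=cve`, which looks like a query string that lost its `?`; worth confirming that the `url` and `name` resolve as intended.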
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40853",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40853",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/form_fast_setting_wifi_set.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/form_fast_setting_wifi_set.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40860.json b/2022/40xxx/CVE-2022-40860.json
index f08aa2e3a9b..cc07a64f2fd 100644
--- a/2022/40xxx/CVE-2022-40860.json
+++ b/2022/40xxx/CVE-2022-40860.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40860",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40860",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/formSetQosBand.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/formSetQosBand.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40862.json b/2022/40xxx/CVE-2022-40862.json
index 46e86eb616f..700975387f4 100644
--- a/2022/40xxx/CVE-2022-40862.json
+++ b/2022/40xxx/CVE-2022-40862.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40862",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40862",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromNatStaticSetting.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromNatStaticSetting.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromNatStaticSetting.md",
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromNatStaticSetting.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40864.json b/2022/40xxx/CVE-2022-40864.json
index af34bd76ea2..0e1209217f7 100644
--- a/2022/40xxx/CVE-2022-40864.json
+++ b/2022/40xxx/CVE-2022-40864.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40864",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40864",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSmartPowerManagement.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSmartPowerManagement.md"
+ },
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSmartPowerManagement.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSmartPowerManagement.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40865.json b/2022/40xxx/CVE-2022-40865.json
index 9b20345cc25..917610651c4 100644
--- a/2022/40xxx/CVE-2022-40865.json
+++ b/2022/40xxx/CVE-2022-40865.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40865",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40865",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSchedWifi.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSchedWifi.md"
+ },
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSchedWifi.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/setSchedWifi.md"
 }
 ]
 }
diff --git a/2022/40xxx/CVE-2022-40869.json b/2022/40xxx/CVE-2022-40869.json
index 1e9e28eedf3..add8968d727 100644
--- a/2022/40xxx/CVE-2022-40869.json
+++ b/2022/40xxx/CVE-2022-40869.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-40869",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40869",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter \"list*\" (\"%s%d\",\"list\")."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromDhcpListClient-list.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromDhcpListClient-list.md"
+ },
+ {
+ "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromDhcpListClient-list.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC18/fromDhcpListClient-list.md"
 }
 ]
 }