"-Synchronized-Data."

2025-06-19 17:32:41 +00:00 · 2022-01-18 19:01:15 +00:00 · 2022-01-18 19:01:15 +00:00 · ae4fab331d
commit ae4fab331d
parent 47ee349c6c
6 changed files with 95 additions and 67 deletions
--- a/2020/9xxx/CVE-2020-9493.json
+++ b/2020/9xxx/CVE-2020-9493.json
@ -78,6 +78,11 @@
                "refsource": "MLIST",
                "name": "[announce] 20210615 CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw",
                "url": "https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20220118 CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.",
+                "url": "http://www.openwall.com/lists/oss-security/2022/01/18/5"
            }
        ]
    },
--- a/2021/31xxx/CVE-2021-31771.json
+++ b/2021/31xxx/CVE-2021-31771.json
@ -1,71 +1,17 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2021-31771",
-        "STATE": "PUBLIC"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "n/a",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_value": "n/a"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "n/a"
-                }
-            ]
-        }
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-31771",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as \"nt authority\\system\") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the vendor \"proved that he had made a mistake.\""
-            }
-        ]
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "n/a"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "url": "http://splinterware.com",
-                "refsource": "MISC",
-                "name": "http://splinterware.com"
-            },
-            {
-                "refsource": "MISC",
-                "name": "https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html",
-                "url": "https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html"
-            },
-            {
-                "refsource": "MISC",
-                "name": "https://www.exploit-db.com/exploits/49858",
-                "url": "https://www.exploit-db.com/exploits/49858"
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
            }
        ]
    }
--- a/2021/44xxx/CVE-2021-44840.json
+++ b/2021/44xxx/CVE-2021-44840.json
@ -1,17 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2021-44840",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2021-44840",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.deltarm.com",
+                "refsource": "MISC",
+                "name": "https://www.deltarm.com"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://gist.github.com/rntcruz23/81f83f9e406198b08ab40ffae8336a92",
+                "url": "https://gist.github.com/rntcruz23/81f83f9e406198b08ab40ffae8336a92"
            }
        ]
    }
--- a/2021/4xxx/CVE-2021-4104.json
+++ b/2021/4xxx/CVE-2021-4104.json
@ -90,6 +90,11 @@
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20211223-0007/",
                "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
+                "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
            }
        ]
    },
--- a/2022/0xxx/CVE-2022-0274.json
+++ b/2022/0xxx/CVE-2022-0274.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-0274",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2022/21xxx/CVE-2022-21970.json
+++ b/2022/21xxx/CVE-2022-21970.json
@ -56,6 +56,11 @@
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970",
                "refsource": "MISC",
                "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21970",
+                "url": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21970"
            }
        ]
    },