From ae4fab331df07f69d7a27a90819d5a33785553e5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 18 Jan 2022 19:01:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/9xxx/CVE-2020-9493.json | 5 +++
 2021/31xxx/CVE-2021-31771.json | 68 ++++------------------------------
 2021/44xxx/CVE-2021-44840.json | 61 +++++++++++++++++++++++++++---
 2021/4xxx/CVE-2021-4104.json | 5 +++
 2022/0xxx/CVE-2022-0274.json | 18 +++++++++
 2022/21xxx/CVE-2022-21970.json | 5 +++
 6 files changed, 95 insertions(+), 67 deletions(-)
 create mode 100644 2022/0xxx/CVE-2022-0274.json
diff --git a/2020/9xxx/CVE-2020-9493.json b/2020/9xxx/CVE-2020-9493.json
index 122ef688b82..38e914a878d 100644
--- a/2020/9xxx/CVE-2020-9493.json
+++ b/2020/9xxx/CVE-2020-9493.json
@@ -78,6 +78,11 @@
 "refsource": "MLIST",
 "name": "[announce] 20210615 CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw",
 "url": "https://lists.apache.org/thread.html/r50d389c613ba6062a26aa57e163c09bfee4ff2d95d67331d75265b83@%3Cannounce.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220118 CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.",
+ "url": "http://www.openwall.com/lists/oss-security/2022/01/18/5"
 }
 ]
 },
diff --git a/2021/31xxx/CVE-2021-31771.json b/2021/31xxx/CVE-2021-31771.json
index 7a5d927f640..cbc6cbdd13c 100644
--- a/2021/31xxx/CVE-2021-31771.json
+++ b/2021/31xxx/CVE-2021-31771.json
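Review bot: The oss-security reference added in the CVE-2020-9493.json hunk uses a plain `http://` URL, so a person or tool following the link from this record fetches the advisory over an unauthenticated channel; the reference added in the CVE-2021-4104.json hunk has the same form. If the host serves the same paths over TLS (worth confirming before changing), I would record `"url": "https://www.openwall.com/lists/oss-security/2022/01/18/5"` here and the `/2022/01/18/3` equivalent there. The added `name` cites CVE-2022-23307 while the record is CVE-2020-9493, and nothing in the added lines states how the two IDs relate, so a consumer cannot tell from the record alone why the link is attached. The enclosing `reference_data` array starts outside the hunk.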
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2021-31771",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-31771",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as \"nt authority\\system\") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the vendor \"proved that he had made a mistake.\""
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://splinterware.com",
- "refsource": "MISC",
- "name": "http://splinterware.com"
- },
- {
- "refsource": "MISC",
- "name": "https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html",
- "url": "https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html"
- },
- {
- "refsource": "MISC",
- "name": "https://www.exploit-db.com/exploits/49858",
- "url": "https://www.exploit-db.com/exploits/49858"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. 
Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44840.json b/2021/44xxx/CVE-2021-44840.json
index 1f8e5413f8b..51af3938ba7 100644
--- a/2021/44xxx/CVE-2021-44840.json
+++ b/2021/44xxx/CVE-2021-44840.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44840",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44840",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.deltarm.com",
+ "refsource": "MISC",
+ "name": "https://www.deltarm.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/rntcruz23/81f83f9e406198b08ab40ffae8336a92",
+ "url": "https://gist.github.com/rntcruz23/81f83f9e406198b08ab40ffae8336a92"
 }
 ]
 }
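Review bot: The new description's second sentence reads "Using an privileged account", which leaves the required privilege level undetermined; the article "an" and the closing mention of "an unprivileged user" suggest "an unprivileged account" may have been intended, but that is an inference and should be confirmed against the referenced write-up. For an authorization issue that one word decides how the record is triaged, so the text should state the required privilege unambiguously. In the same hunk `product_name`, `version_value` and `vendor_name` are all `"n/a"` although the description names Delta RM 1.2, so tooling that matches on `affects` will never hit this record; `"product_name": "Delta RM"` and `"version_value": "1.2"` would carry what the prose already says. `problemtype` is likewise `"n/a"`, leaving the weakness class to free text.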
diff --git a/2021/4xxx/CVE-2021-4104.json b/2021/4xxx/CVE-2021-4104.json
index f3eddea28f3..3adc8a270f4 100644
--- a/2021/4xxx/CVE-2021-4104.json
+++ b/2021/4xxx/CVE-2021-4104.json
@@ -90,6 +90,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211223-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
+ "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0274.json b/2022/0xxx/CVE-2022-0274.json
new file mode 100644
index 00000000000..04b46c29708
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0274.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0274",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/21xxx/CVE-2022-21970.json b/2022/21xxx/CVE-2022-21970.json
index 20b47ca7556..1804875c9c2 100644
--- a/2022/21xxx/CVE-2022-21970.json
+++ b/2022/21xxx/CVE-2022-21970.json
@@ -56,6 +56,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21970",
+ "url": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21970"
 }
 ]
 },
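Review bot: The reference added in the CVE-2022-21970.json hunk points at a `tree/master` path in a third-party repository, which is a mutable location: the content behind the link can change or disappear after publication while the record keeps citing it. A commit-pinned permalink would fix what is being referenced, e.g. `"url": "https://github.com/nu11secur1ty/Windows10Exploits/tree/<COMMIT_SHA>/2022/CVE-2022-21970"` (placeholder; the hash is not on this page), with `name` updated to match. The entry is also tagged `MISC`, the same as the vendor advisory directly above it, so consumers cannot separate the vendor's source from third-party material by `refsource` alone. The `reference_data` array begins outside the hunk.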