diff --git a/2020/17xxx/CVE-2020-17456.json b/2020/17xxx/CVE-2020-17456.json index f16a95afc3c..6849389ce81 100644 --- a/2020/17xxx/CVE-2020-17456.json +++ b/2020/17xxx/CVE-2020-17456.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html" } ] } diff --git a/2021/23xxx/CVE-2021-23246.json b/2021/23xxx/CVE-2021-23246.json index aba5bc21d73..cc4f1cb369f 100644 --- a/2021/23xxx/CVE-2021-23246.json +++ b/2021/23xxx/CVE-2021-23246.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23246", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@oppo.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ACE2", + "version": { + "version_data": [ + { + "version_value": "ColorOS 11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "ID" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1502209104851247104", + "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1502209104851247104" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure." } ] } diff --git a/2021/26xxx/CVE-2021-26341.json b/2021/26xxx/CVE-2021-26341.json index 54b0d0cf35d..bc97fb1913f 100644 --- a/2021/26xxx/CVE-2021-26341.json +++ b/2021/26xxx/CVE-2021-26341.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-03-08T20:00:00.000Z", "ID": "CVE-2021-26341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Processors", + "version": { + "version_data": [ + { + "version_affected": "!", + "version_name": "Processor ", + "version_value": "Zen 3" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26401.json b/2021/26xxx/CVE-2021-26401.json index 9b9648b52a3..a6c77170694 100644 --- a/2021/26xxx/CVE-2021-26401.json +++ b/2021/26xxx/CVE-2021-26401.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-03-08T20:00:00.000Z", "ID": "CVE-2021-26401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Processors", + "version": { + "version_data": [ + { + "version_affected": "!", + "version_name": "Processor ", + "version_value": "Zen 3" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27414.json b/2021/27xxx/CVE-2021-27414.json index 062e8761e50..5467851fb4b 100644 --- a/2021/27xxx/CVE-2021-27414.json +++ b/2021/27xxx/CVE-2021-27414.json @@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ellipse Enterprise Asset Management (EAM)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "9.0.25" + } + ] + } + } + ] + }, + "vendor_name": "Hitachi ABB Power Grids" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01" + }, + { + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "CONFIRM", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids recommends users apply the update as soon as they are able. Ellipse EAM Version 9.0.23 fixes one of the vulnerabilities, and Ellipse EAM Version 9.0.26 fixes both.\n\nHitachi ABB Power Grids published cybersecurity advisory PGVU-PGGA-Ellipse-202027 to give users more information about this issue." + } + ], + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids recommends following security best practices and firewall configurations to help protect a process control network from attacks originating from an outside the network. Such practices include:\n\n Ensure critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall.\n Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented.\n Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails.\n Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.\n It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing emails or malicious web pages.\n" + } + ] } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27416.json b/2021/27xxx/CVE-2021-27416.json index 66515499738..340cfcc8e58 100644 --- a/2021/27xxx/CVE-2021-27416.json +++ b/2021/27xxx/CVE-2021-27416.json @@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ellipse Enterprise Asset Management (EAM)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "9.0.25" + } + ] + } + } + ] + }, + "vendor_name": "Hitachi ABB Power Grids" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user\u2019s session." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01" + }, + { + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "CONFIRM", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids recommends users apply the update as soon as they are able. Ellipse EAM Version 9.0.23 fixes one of the vulnerabilities, and Ellipse EAM Version 9.0.26 fixes both.\n\nHitachi ABB Power Grids published cybersecurity advisory PGVU-PGGA-Ellipse-202027 to give users more information about this issue." + } + ], + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Hitachi ABB Power Grids recommends following security best practices and firewall configurations to help protect a process control network from attacks originating from an outside the network. Such practices include:\n\n Ensure critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall.\n Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented.\n Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails.\n Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.\n It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing emails or malicious web pages.\n" + } + ] } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32009.json b/2021/32xxx/CVE-2021-32009.json index ea1e4b8963f..d167f155335 100644 --- a/2021/32xxx/CVE-2021-32009.json +++ b/2021/32xxx/CVE-2021-32009.json @@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Missing XSS guards on firmware page" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GateManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All", + "version_value": "9.6.621421014" + } + ] + } + } + ] + }, + "vendor_name": "Secomea" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.secomea.com/support/cybersecurity-advisory", + "name": "https://www.secomea.com/support/cybersecurity-advisory" + } + ] + }, + "source": { + "defect": [ + "RD-5196" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32472.json b/2021/32xxx/CVE-2021-32472.json index 39aa111905f..ccfad09953b 100644 --- a/2021/32xxx/CVE-2021-32472.json +++ b/2021/32xxx/CVE-2021-32472.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422305", + "url": "https://moodle.org/mod/forum/discuss.php?d=422305" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected." } ] } diff --git a/2021/32xxx/CVE-2021-32473.json b/2021/32xxx/CVE-2021-32473.json index 11406241d18..4efd9b76e48 100644 --- a/2021/32xxx/CVE-2021-32473.json +++ b/2021/32xxx/CVE-2021-32473.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422307", + "url": "https://moodle.org/mod/forum/discuss.php?d=422307" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected" } ] } diff --git a/2021/32xxx/CVE-2021-32474.json b/2021/32xxx/CVE-2021-32474.json index 2b7131ec4a3..581ad8333bf 100644 --- a/2021/32xxx/CVE-2021-32474.json +++ b/2021/32xxx/CVE-2021-32474.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422308", + "url": "https://moodle.org/mod/forum/discuss.php?d=422308" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected." } ] } diff --git a/2021/32xxx/CVE-2021-32475.json b/2021/32xxx/CVE-2021-32475.json index 49c1343f62e..e80271f8e60 100644 --- a/2021/32xxx/CVE-2021-32475.json +++ b/2021/32xxx/CVE-2021-32475.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422309", + "url": "https://moodle.org/mod/forum/discuss.php?d=422309" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected." } ] } diff --git a/2021/32xxx/CVE-2021-32476.json b/2021/32xxx/CVE-2021-32476.json index 420aec14137..f037a584954 100644 --- a/2021/32xxx/CVE-2021-32476.json +++ b/2021/32xxx/CVE-2021-32476.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422310", + "url": "https://moodle.org/mod/forum/discuss.php?d=422310" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected." } ] } diff --git a/2021/32xxx/CVE-2021-32477.json b/2021/32xxx/CVE-2021-32477.json index ef3fac5d923..f120f3e624d 100644 --- a/2021/32xxx/CVE-2021-32477.json +++ b/2021/32xxx/CVE-2021-32477.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422313", + "url": "https://moodle.org/mod/forum/discuss.php?d=422313" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected." } ] } diff --git a/2021/32xxx/CVE-2021-32478.json b/2021/32xxx/CVE-2021-32478.json index eededa17a0d..5d7542dd658 100644 --- a/2021/32xxx/CVE-2021-32478.json +++ b/2021/32xxx/CVE-2021-32478.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=422314", + "url": "https://moodle.org/mod/forum/discuss.php?d=422314" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected." } ] } diff --git a/2021/33xxx/CVE-2021-33150.json b/2021/33xxx/CVE-2021-33150.json index 8bad929ab6a..f556013e4d3 100644 --- a/2021/33xxx/CVE-2021-33150.json +++ b/2021/33xxx/CVE-2021-33150.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Trace Hub instances which", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " escalation of privilege " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00609.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00609.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access." } ] } diff --git a/2021/33xxx/CVE-2021-33851.json b/2021/33xxx/CVE-2021-33851.json index 2ec9232d770..394d8ca4a69 100644 --- a/2021/33xxx/CVE-2021-33851.json +++ b/2021/33xxx/CVE-2021-33851.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user opens the login page of the WordPress application." + "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Custom logo link\" executes whenever the user opens the Settings Page of the \"Customize Login Image\" Plugin." } ] } diff --git a/2021/33xxx/CVE-2021-33852.json b/2021/33xxx/CVE-2021-33852.json index 4fb2a71336a..0d7d29199be 100644 --- a/2021/33xxx/CVE-2021-33852.json +++ b/2021/33xxx/CVE-2021-33852.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a user\u2019s browser while the browser is connected to a trusted website. The application targets your application\u2019s users and not the application itself, but it uses your application as the vehicle for the attack. The XSS payload executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts." + "value": "A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the \"Duplicate Title\" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts." } ] } diff --git a/2022/0xxx/CVE-2022-0001.json b/2022/0xxx/CVE-2022-0001.json index dcb52abd24b..4751b923d99 100644 --- a/2022/0xxx/CVE-2022-0001.json +++ b/2022/0xxx/CVE-2022-0001.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " information disclosure " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access." } ] } diff --git a/2022/0xxx/CVE-2022-0002.json b/2022/0xxx/CVE-2022-0002.json index 5e492573db2..ccab61887a4 100644 --- a/2022/0xxx/CVE-2022-0002.json +++ b/2022/0xxx/CVE-2022-0002.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " information disclosure " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access." } ] } diff --git a/2022/0xxx/CVE-2022-0853.json b/2022/0xxx/CVE-2022-0853.json index 7f6ef07058d..b3c1dc7b4d4 100644 --- a/2022/0xxx/CVE-2022-0853.json +++ b/2022/0xxx/CVE-2022-0853.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "jboss-client", + "version": { + "version_data": [ + { + "version_value": "1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" + }, + { + "refsource": "MISC", + "name": "https://github.com/ByteHackr/CVE-2022-0853", + "url": "https://github.com/ByteHackr/CVE-2022-0853" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability." } ] } diff --git a/2022/0xxx/CVE-2022-0907.json b/2022/0xxx/CVE-2022-0907.json index 648bbbd7a9c..a660e91b6a1 100644 --- a/2022/0xxx/CVE-2022-0907.json +++ b/2022/0xxx/CVE-2022-0907.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libtiff", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": "=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerability in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/392", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/392", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "wangdw.augustus@gmail.com" + } + ] } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0908.json b/2022/0xxx/CVE-2022-0908.json index 3222878f73d..5e457027f40 100644 --- a/2022/0xxx/CVE-2022-0908.json +++ b/2022/0xxx/CVE-2022-0908.json @@ -4,15 +4,85 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TIFF Software Distribution", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": "<=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/383", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/383", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", + "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file." } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 7.7, + "baseSeverity": "HIGH" + } } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0909.json b/2022/0xxx/CVE-2022-0909.json index 87b3139441a..3af56b5244a 100644 --- a/2022/0xxx/CVE-2022-0909.json +++ b/2022/0xxx/CVE-2022-0909.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libtiff", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": "=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Divide by zero in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/393", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/393", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "wangdw.augustus@gmail.com" + } + ] } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0924.json b/2022/0xxx/CVE-2022-0924.json index 641bfc9ff4c..5eb3306fe37 100644 --- a/2022/0xxx/CVE-2022-0924.json +++ b/2022/0xxx/CVE-2022-0924.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libtiff", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": "=4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read in libtiff" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/libtiff/libtiff/-/issues/278", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/278", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "wangdw.augustus@gmail.com" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23187.json b/2022/23xxx/CVE-2022-23187.json index 0df70f3ac53..06c07515ede 100644 --- a/2022/23xxx/CVE-2022-23187.json +++ b/2022/23xxx/CVE-2022-23187.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-23187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "26.0.3" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23730.json b/2022/23xxx/CVE-2022-23730.json index 60bc9659f7b..bed8fee2247 100644 --- a/2022/23xxx/CVE-2022-23730.json +++ b/2022/23xxx/CVE-2022-23730.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product.security@lge.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LG webOS TV", + "version": { + "version_data": [ + { + "version_value": "webOS 4.0 or higher" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lgsecurity.lge.com/bulletins/tv", + "url": "https://lgsecurity.lge.com/bulletins/tv" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The public API error causes for the attacker to be able to bypass API access control." } ] } diff --git a/2022/23xxx/CVE-2022-23731.json b/2022/23xxx/CVE-2022-23731.json index 7d7c6d2a256..aa0cd9bd711 100644 --- a/2022/23xxx/CVE-2022-23731.json +++ b/2022/23xxx/CVE-2022-23731.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product.security@lge.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LG webOS TV", + "version": { + "version_data": [ + { + "version_value": "webOS 4.0 or higher" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lgsecurity.lge.com/bulletins/tv", + "url": "https://lgsecurity.lge.com/bulletins/tv" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models." } ] } diff --git a/2022/23xxx/CVE-2022-23924.json b/2022/23xxx/CVE-2022-23924.json index 5a1fa4e6958..0eb08cc86ce 100644 --- a/2022/23xxx/CVE-2022-23924.json +++ b/2022/23xxx/CVE-2022-23924.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23925.json b/2022/23xxx/CVE-2022-23925.json index 918cbb5a140..3516611a26a 100644 --- a/2022/23xxx/CVE-2022-23925.json +++ b/2022/23xxx/CVE-2022-23925.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23926.json b/2022/23xxx/CVE-2022-23926.json index 20f49dfcee1..bc2587f6057 100644 --- a/2022/23xxx/CVE-2022-23926.json +++ b/2022/23xxx/CVE-2022-23926.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23926", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23927.json b/2022/23xxx/CVE-2022-23927.json index c511c7cbfdd..e02f5dde912 100644 --- a/2022/23xxx/CVE-2022-23927.json +++ b/2022/23xxx/CVE-2022-23927.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23930.json b/2022/23xxx/CVE-2022-23930.json index 55098bb424d..543eed8616c 100644 --- a/2022/23xxx/CVE-2022-23930.json +++ b/2022/23xxx/CVE-2022-23930.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23931.json b/2022/23xxx/CVE-2022-23931.json index 9129337a073..40e001247ed 100644 --- a/2022/23xxx/CVE-2022-23931.json +++ b/2022/23xxx/CVE-2022-23931.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/23xxx/CVE-2022-23934.json b/2022/23xxx/CVE-2022-23934.json index d5969e6c715..6e8dacc4bd8 100644 --- a/2022/23xxx/CVE-2022-23934.json +++ b/2022/23xxx/CVE-2022-23934.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_value": "before 02.07.10 (S05, S15 BIOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege; Arbitrary Code Execution; Unauthorized Code Execution; Denial of Service; Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_5817864-5817896-16", + "url": "https://support.hp.com/us-en/document/ish_5817864-5817896-16" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure." } ] } diff --git a/2022/24xxx/CVE-2022-24090.json b/2022/24xxx/CVE-2022-24090.json index 7f746af19f8..7626b82a481 100644 --- a/2022/24xxx/CVE-2022-24090.json +++ b/2022/24xxx/CVE-2022-24090.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-24090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop 2022 Out-of-bounds Read could lead to Memory leak" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "23.1.1" + }, + { + "version_affected": "<=", + "version_value": "22.5.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb22-14.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb22-14.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24094.json b/2022/24xxx/CVE-2022-24094.json index eae3e442a5c..a68e9958e95 100644 --- a/2022/24xxx/CVE-2022-24094.json +++ b/2022/24xxx/CVE-2022-24094.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-24094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "After Effects", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.2" + }, + { + "version_affected": "<=", + "version_value": "18.4.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html", + "name": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24095.json b/2022/24xxx/CVE-2022-24095.json index 5a8485d37bd..29d71472e55 100644 --- a/2022/24xxx/CVE-2022-24095.json +++ b/2022/24xxx/CVE-2022-24095.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-24095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "After Effects", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.2" + }, + { + "version_affected": "<=", + "version_value": "18.4.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html", + "name": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24096.json b/2022/24xxx/CVE-2022-24096.json index e7536816e94..36d748f4d22 100644 --- a/2022/24xxx/CVE-2022-24096.json +++ b/2022/24xxx/CVE-2022-24096.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-24096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe After Effects Heap-based Buffer Overflow Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "After Effects", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.2" + }, + { + "version_affected": "<=", + "version_value": "18.4.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html", + "name": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24097.json b/2022/24xxx/CVE-2022-24097.json index 169fee1d452..08f3375e465 100644 --- a/2022/24xxx/CVE-2022-24097.json +++ b/2022/24xxx/CVE-2022-24097.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-24097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe After Effects Out-of-bounds Write could lead to Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "After Effects", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.2" + }, + { + "version_affected": "<=", + "version_value": "18.4.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html", + "name": "https://helpx.adobe.com/security/products/after_effects/apsb22-17.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25216.json b/2022/25xxx/CVE-2022-25216.json index efa792acb06..7eb8a2c1c34 100644 --- a/2022/25xxx/CVE-2022-25216.json +++ b/2022/25xxx/CVE-2022-25216.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "DVDFab 12 Player / PlayerFab", + "version": { + "version_data": [ + { + "version_value": "6.2.1.0 - 7.0.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2022-07", + "url": "https://www.tenable.com/security/research/tra-2022-07" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://:32080/download/." } ] } diff --git a/2022/25xxx/CVE-2022-25600.json b/2022/25xxx/CVE-2022-25600.json index 55f9f3dbafb..562fae715dd 100644 --- a/2022/25xxx/CVE-2022-25600.json +++ b/2022/25xxx/CVE-2022-25600.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-02-22T14:59:00.000Z", "ID": "CVE-2022-25600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Google Map Plugin (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 4.2.3", + "version_value": "4.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Flippercode" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ex.Mi (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-google-map-plugin/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/wp-google-map-plugin/wordpress-wp-google-map-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 4.2.4 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25601.json b/2022/25xxx/CVE-2022-25601.json index b045bf7e8c0..d3bbb98064a 100644 --- a/2022/25xxx/CVE-2022-25601.json +++ b/2022/25xxx/CVE-2022-25601.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-02-25T15:41:00.000Z", "ID": "CVE-2022-25601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Contact Form X (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 2.4", + "version_value": "2.4" + } + ] + } + } + ] + }, + "vendor_name": "Jeff Starr" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Ex.Mi (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/contact-form-x/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/contact-form-x/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/contact-form-x/wordpress-contact-form-x-plugin-2-4-authenticated-reflected-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/contact-form-x/wordpress-contact-form-x-plugin-2-4-authenticated-reflected-cross-site-scripting-xss-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 2.4.1 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25621.json b/2022/25xxx/CVE-2022-25621.json index d6b506192ef..af73b10e6da 100644 --- a/2022/25xxx/CVE-2022-25621.json +++ b/2022/25xxx/CVE-2022-25621.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt-info@cyber.jp.nec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Platforms, Ltd.", + "product": { + "product_data": [ + { + "product_name": "UNIVERGE DT", + "version": { + "version_data": [ + { + "version_value": "UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior," + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands." } ] }