From b904fbd1165a5d57b6dfa10553034d13fde6933d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 3 Apr 2022 23:01:20 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/30xxx/CVE-2021-30066.json | 61 +++++++++++++++++++++++++++---
 2021/46xxx/CVE-2021-46439.json | 68 ++++------------------------------
 2021/46xxx/CVE-2021-46443.json | 63 ++++---------------------------
 2022/26xxx/CVE-2022-26233.json | 56 +++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26530.json | 66 ++++++++++++++++++++++++++++++---
 2022/27xxx/CVE-2022-27248.json | 61 +++++++++++++++++++++++++++---
 2022/27xxx/CVE-2022-27249.json | 61 +++++++++++++++++++++++++++---
 7 files changed, 289 insertions(+), 147 deletions(-)
diff --git a/2021/30xxx/CVE-2021-30066.json b/2021/30xxx/CVE-2021-30066.json
index 8a3282ff727..255dbd915a4 100644
--- a/2021/30xxx/CVE-2021-30066.json
+++ b/2021/30xxx/CVE-2021-30066.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30066",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30066",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.belden.com/support/security-assurance",
+ "refsource": "MISC",
+ "name": "https://www.belden.com/support/security-assurance"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05"
 }
 ]
 }
diff --git a/2021/46xxx/CVE-2021-46439.json b/2021/46xxx/CVE-2021-46439.json
index cb71974e2b6..73d17c44a31 100644
--- a/2021/46xxx/CVE-2021-46439.json
+++ b/2021/46xxx/CVE-2021-46439.json
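Review bot: The structured fields of the CVE-2021-30066 record carry no usable data: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, although the description names Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23 and the Belden Tofino Xenon Security Appliance. Tooling that matches advisories on the `affects` block will not tie this CVE to those products, so asset owners relying on it can miss a firmware signature verification bypass. I would populate `affects` from the description, for example `"vendor_name": "Schneider Electric"`, and set the problem type to the matching weakness class (this looks like CWE-347, improper verification of a cryptographic signature; confirm with the CNA). The same applies to the PUBLIC records for CVE-2022-26233, CVE-2022-26530, CVE-2022-27248 and CVE-2022-27249 later in this patch.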
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2021-46439",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-46439",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://www.egsoftweb.in",
- "refsource": "MISC",
- "name": "http://www.egsoftweb.in"
- },
- {
- "url": "http://www.egsoftweb.in/OurProduct_Readmore.aspx?id=6",
- "refsource": "MISC",
- "name": "http://www.egsoftweb.in/OurProduct_Readmore.aspx?id=6"
- },
- {
- "refsource": "MISC",
- "name": "https://packetstormsecurity.com/files/166554/EG-Free-AntiVirus-2020-Privilege-Escalation-Unquoted-Service-Path.html",
- "url": "https://packetstormsecurity.com/files/166554/EG-Free-AntiVirus-2020-Privilege-Escalation-Unquoted-Service-Path.html"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation show"
 }
 ]
 }
diff --git a/2021/46xxx/CVE-2021-46443.json b/2021/46xxx/CVE-2021-46443.json
index d8ec894eb8a..2fcbe8a0203 100644
--- a/2021/46xxx/CVE-2021-46443.json
+++ b/2021/46xxx/CVE-2021-46443.json
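Review bot: The new REJECT description for CVE-2021-46439 is cut off mid-word at `Further investigation show`, so the record never states why the ID was withdrawn. The CVE-2021-46443 record rejected in the same patch carries the complete sentence, and this one presumably should end the same way: `Further investigation showed that it was not a security issue. Notes: none.` Confirm the wording with the CNA before changing it. Since the hunk also drops the three references of the formerly PUBLIC record, a complete rejection reason is the only explanation downstream consumers will see.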
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2021-46443",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-46443",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An attacker as a low privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://spoofer.com",
- "refsource": "MISC",
- "name": "http://spoofer.com"
- },
- {
- "refsource": "MISC",
- "name": "https://packetstormsecurity.com/files/166553/Spoofer-1.4.6-Privilege-Escalation-Unquoted-Service-Path.html",
- "url": "https://packetstormsecurity.com/files/166553/Spoofer-1.4.6-Privilege-Escalation-Unquoted-Service-Path.html"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26233.json b/2022/26xxx/CVE-2022-26233.json
index ddf16a58611..44d525d5687 100644
--- a/2022/26xxx/CVE-2022-26233.json
+++ b/2022/26xxx/CVE-2022-26233.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26233",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26233",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2022/Apr/0",
+ "url": "http://seclists.org/fulldisclosure/2022/Apr/0"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26530.json b/2022/26xxx/CVE-2022-26530.json
index 9594c038e75..59edab65298 100644
--- a/2022/26xxx/CVE-2022-26530.json
+++ b/2022/26xxx/CVE-2022-26530.json
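Review bot: The only reference added for CVE-2022-26233 is a plain-HTTP link, `http://seclists.org/fulldisclosure/2022/Apr/0`, in both `name` and `url`. Advisory content fetched over HTTP can be altered in transit, and the packetstormsecurity.com references removed from CVE-2021-46439 and CVE-2021-46443 earlier in this patch already used `https://`. I would write `"url": "https://seclists.org/fulldisclosure/2022/Apr/0"` with the matching `name`. The `http://packetstormsecurity.com/...` references added for CVE-2022-27248 and CVE-2022-27249 have the same issue.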
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26530",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26530",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/swaywm/swaylock/pull/219",
+ "refsource": "MISC",
+ "name": "https://github.com/swaywm/swaylock/pull/219"
+ },
+ {
+ "url": "https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca",
+ "refsource": "MISC",
+ "name": "https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066596",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066596"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27248.json b/2022/27xxx/CVE-2022-27248.json
index f918c910b4b..a4d1d3867ef 100644
--- a/2022/27xxx/CVE-2022-27248.json
+++ b/2022/27xxx/CVE-2022-27248.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-27248",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-27248",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.idearespa.eu",
+ "refsource": "MISC",
+ "name": "https://www.idearespa.eu"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166560/IdeaRE-RefTree-Path-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/166560/IdeaRE-RefTree-Path-Traversal.html"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27249.json b/2022/27xxx/CVE-2022-27249.json
index 20a5c3ae61f..baa78913a3c 100644
--- a/2022/27xxx/CVE-2022-27249.json
+++ b/2022/27xxx/CVE-2022-27249.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-27249",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-27249",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.idearespa.eu",
+ "refsource": "MISC",
+ "name": "https://www.idearespa.eu"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166559/IdeaRE-RefTree-Shell-Upload.html",
+ "url": "http://packetstormsecurity.com/files/166559/IdeaRE-RefTree-Shell-Upload.html"
 }
 ]
 }