From bc667aad5f6264ceeb76d487202ac2a225684f89 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 1 Jul 2022 21:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/25xxx/CVE-2022-25758.json | 17 +++++----
 2022/25xxx/CVE-2022-25876.json | 17 +++++----
 2022/25xxx/CVE-2022-25896.json | 17 +++++----
 2022/25xxx/CVE-2022-25898.json | 32 ++++++++++-------
 2022/25xxx/CVE-2022-25900.json | 12 ++++---
 2022/31xxx/CVE-2022-31943.json | 56 +++++++++++++++++++++++++----
 2022/32xxx/CVE-2022-32093.json | 56 +++++++++++++++++++++++++----
 2022/32xxx/CVE-2022-32094.json | 56 +++++++++++++++++++++++++----
 2022/32xxx/CVE-2022-32095.json | 56 +++++++++++++++++++++++++----
 2022/32xxx/CVE-2022-32384.json | 66 ++++++++++++++++++++++++++++++----
 2022/32xxx/CVE-2022-32420.json | 56 +++++++++++++++++++++++++----
 11 files changed, 366 insertions(+), 75 deletions(-)
diff --git a/2022/25xxx/CVE-2022-25758.json b/2022/25xxx/CVE-2022-25758.json
index 233917ef9da..eea7211fdc8 100644
--- a/2022/25xxx/CVE-2022-25758.json
+++ b/2022/25xxx/CVE-2022-25758.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884",
+ "name": "https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/sasstools/scss-tokenizer/issues/45"
+ "refsource": "MISC",
+ "url": "https://github.com/sasstools/scss-tokenizer/issues/45",
+ "name": "https://github.com/sasstools/scss-tokenizer/issues/45"
 }
 ]
 },
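Review bot: Every entry in `reference_data` in this hunk is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the only field that lets a consumer tell links on the project's own tracker apart from third-party advisory pages. The same rewrite is applied in the reference hunks for CVE-2022-25876, CVE-2022-25896, CVE-2022-25898 and CVE-2022-25900, where issue, pull-request, commit and release links on the affected project's repository are relabelled as well. If the sync tooling permits it, keep the project-hosted links tagged, e.g. `"refsource": "CONFIRM"` on `https://github.com/sasstools/scss-tokenizer/issues/45`. The added `name` values only repeat `url`, so they give triage tooling nothing to key on.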
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.\r\n\r\n"
+ "value": "All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25876.json b/2022/25xxx/CVE-2022-25876.json
index 33bb1438b57..f0795d2df4a 100644
--- a/2022/25xxx/CVE-2022-25876.json
+++ b/2022/25xxx/CVE-2022-25876.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-LINKPREVIEWJS-2933520"
+ "refsource": "MISC",
+ "url": "https://github.com/ospfranco/link-preview-js/issues/115",
+ "name": "https://github.com/ospfranco/link-preview-js/issues/115"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/ospfranco/link-preview-js/issues/115"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-LINKPREVIEWJS-2933520",
+ "name": "https://snyk.io/vuln/SNYK-JS-LINKPREVIEWJS-2933520"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/ospfranco/link-preview-js/pull/117"
+ "refsource": "MISC",
+ "url": "https://github.com/ospfranco/link-preview-js/pull/117",
+ "name": "https://github.com/ospfranco/link-preview-js/pull/117"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.\r\n\r\n"
+ "value": "The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25896.json b/2022/25xxx/CVE-2022-25896.json
index 564cef3f92d..1a464a59ea3 100644
--- a/2022/25xxx/CVE-2022-25896.json
+++ b/2022/25xxx/CVE-2022-25896.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631",
+ "name": "https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/jaredhanson/passport/pull/900"
+ "refsource": "MISC",
+ "url": "https://github.com/jaredhanson/passport/pull/900",
+ "name": "https://github.com/jaredhanson/passport/pull/900"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608"
+ "refsource": "MISC",
+ "url": "https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608",
+ "name": "https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package passport before 0.6.0.\n When a user logs in or logs out, the session is regenerated instead of being closed.\n"
+ "value": "This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25898.json b/2022/25xxx/CVE-2022-25898.json
index 4976ddc1742..1ce1a876564 100644
--- a/2022/25xxx/CVE-2022-25898.json
+++ b/2022/25xxx/CVE-2022-25898.json
@@ -48,28 +48,34 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122",
+ "name": "https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41"
+ "refsource": "MISC",
+ "url": "https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41",
+ "name": "https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/kjur/jsrsasign/releases/tag/10.5.25"
+ "refsource": "MISC",
+ "url": "https://github.com/kjur/jsrsasign/releases/tag/10.5.25",
+ "name": "https://github.com/kjur/jsrsasign/releases/tag/10.5.25"
 }
 ]
 },
@@ -77,7 +83,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.\r\n\r\n Workaround:\r\nValidate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.\r\n\r\n"
+ "value": "The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method."
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25900.json b/2022/25xxx/CVE-2022-25900.json
index 88315277e0f..a71c8d0e3bc 100644
--- a/2022/25xxx/CVE-2022-25900.json
+++ b/2022/25xxx/CVE-2022-25900.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308",
+ "name": "https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://gist.github.com/lirantal/9441f3a1212728476f7a6caa4acb2ccc"
+ "refsource": "MISC",
+ "url": "https://gist.github.com/lirantal/9441f3a1212728476f7a6caa4acb2ccc",
+ "name": "https://gist.github.com/lirantal/9441f3a1212728476f7a6caa4acb2ccc"
 }
 ]
 },
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.\r\n\r\n"
+ "value": "All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31943.json b/2022/31xxx/CVE-2022-31943.json index 4c63202568e..3a1f01c3304 100644 --- a/2022/31xxx/CVE-2022-31943.json +++ b/2022/31xxx/CVE-2022-31943.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31943", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31943", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ming-soft/MCMS/issues/95", + "refsource": "MISC", + "name": "https://github.com/ming-soft/MCMS/issues/95" } ] } diff --git a/2022/32xxx/CVE-2022-32093.json b/2022/32xxx/CVE-2022-32093.json index d45ad03b021..6144520c737 100644 --- a/2022/32xxx/CVE-2022-32093.json +++ b/2022/32xxx/CVE-2022-32093.json 
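Review bot: The added `affects` block sets `product_name`, `version_value` and `vendor_name` to `"n/a"`, and the added `problemtype` value is `"n/a"` too, although the description in the same hunk names the product and version (`MCMS v5.2.8`) and the weakness class (arbitrary file upload). Tooling that matches records against an asset inventory through the structured fields, rather than by parsing free text, will not flag this entry. Suggest `"product_name": "MCMS"` and `"version_value": "5.2.8"`, plus a CWE-based `problemtype` value once the class is confirmed against the referenced issue. The hunks for CVE-2022-32093, CVE-2022-32094, CVE-2022-32095, CVE-2022-32384 and CVE-2022-32420 show the same gap.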
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32093", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32093", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-2/", + "refsource": "MISC", + "name": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-2/" } ] } diff --git a/2022/32xxx/CVE-2022-32094.json b/2022/32xxx/CVE-2022-32094.json index 65c57dbb286..73c3b68389b 100644 --- a/2022/32xxx/CVE-2022-32094.json +++ b/2022/32xxx/CVE-2022-32094.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32094", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32094", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-3/", + "refsource": "MISC", + "name": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-3/" } ] } diff --git a/2022/32xxx/CVE-2022-32095.json b/2022/32xxx/CVE-2022-32095.json index 88753f2eeba..8c6fcd17305 100644 --- a/2022/32xxx/CVE-2022-32095.json +++ b/2022/32xxx/CVE-2022-32095.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32095", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32095", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-4/", + "refsource": "MISC", + "name": "https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-4/" } ] } diff --git a/2022/32xxx/CVE-2022-32384.json b/2022/32xxx/CVE-2022-32384.json index ddeded75174..82c2340e838 100644 --- a/2022/32xxx/CVE-2022-32384.json +++ b/2022/32xxx/CVE-2022-32384.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32384", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32384", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://tenda.com", + "refsource": "MISC", + "name": "http://tenda.com" + }, + { + "url": "http://ac23.com", + "refsource": "MISC", + "name": "http://ac23.com" + }, + { + "url": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view?usp=sharing" } ] } diff --git a/2022/32xxx/CVE-2022-32420.json b/2022/32xxx/CVE-2022-32420.json index 1ee2a6e6870..b482a581888 100644 --- a/2022/32xxx/CVE-2022-32420.json +++ b/2022/32xxx/CVE-2022-32420.json 
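Review bot: Of the three entries added to `reference_data`, `http://tenda.com` and `http://ac23.com` are bare site roots over plain HTTP that say nothing about the `formWifiBasicSet` issue, so the only technical reference is a Google Drive share link whose owner can edit or remove the content at any time. Nothing in the record shows whether `ac23.com` belongs to the vendor at all. A defender trying to confirm impact or find a fixed firmware version has no stable source to work from. Prefer a publicly archived advisory URL for the write-up, and replace the two homepage links with the vendor's advisory or firmware download page if one exists.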
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-32420",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-32420",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md",
+ "url": "https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md"
 }
 ]
 }