From c1ab0cb0b094e7c5489077a463a97808714f79c7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 29 Jun 2022 01:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/0xxx/CVE-2022-0544.json | 5 +++ 2022/0xxx/CVE-2022-0545.json | 5 +++ 2022/0xxx/CVE-2022-0546.json | 5 +++ 2022/28xxx/CVE-2022-28803.json | 61 ++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29269.json | 71 +++++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29270.json | 71 +++++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29271.json | 71 +++++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29272.json | 71 +++++++++++++++++++++++++++++++--- 2022/31xxx/CVE-2022-31266.json | 61 ++++++++++++++++++++++++++--- 2022/31xxx/CVE-2022-31897.json | 61 ++++++++++++++++++++++++++--- 10 files changed, 440 insertions(+), 42 deletions(-) diff --git a/2022/0xxx/CVE-2022-0544.json b/2022/0xxx/CVE-2022-0544.json index ceea2759f72..00553314c2a 100644 --- a/2022/0xxx/CVE-2022-0544.json +++ b/2022/0xxx/CVE-2022-0544.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://developer.blender.org/T94661", "url": "https://developer.blender.org/T94661" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0545.json b/2022/0xxx/CVE-2022-0545.json index 2f381ace1d2..f5c2ff6f5be 100644 --- a/2022/0xxx/CVE-2022-0545.json +++ b/2022/0xxx/CVE-2022-0545.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://developer.blender.org/T94629", "url": "https://developer.blender.org/T94629" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0546.json b/2022/0xxx/CVE-2022-0546.json index 4ea7c1331d1..71a90053849 100644 --- a/2022/0xxx/CVE-2022-0546.json +++ b/2022/0xxx/CVE-2022-0546.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d9d630891d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html" } ] }, diff --git a/2022/28xxx/CVE-2022-28803.json b/2022/28xxx/CVE-2022-28803.json index c22a145f199..bbfed550c31 100644 --- a/2022/28xxx/CVE-2022-28803.json +++ b/2022/28xxx/CVE-2022-28803.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28803", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28803", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://silverstripe.org", + "refsource": "MISC", + "name": "https://silverstripe.org" + }, + { + "refsource": "MISC", + "name": "https://www.silverstripe.org/download/security-releases/cve-2022-28803", + "url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803" } ] } diff --git a/2022/29xxx/CVE-2022-29269.json b/2022/29xxx/CVE-2022-29269.json index 29b805bba1f..9caf4dcf641 100644 --- a/2022/29xxx/CVE-2022-29269.json +++ b/2022/29xxx/CVE-2022-29269.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29269", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29269", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + }, + { + "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", + "refsource": "MISC", + "name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" + }, + { + "url": "https://github.com/4LPH4-NL/CVEs", + "refsource": "MISC", + "name": "https://github.com/4LPH4-NL/CVEs" + }, + { + "refsource": "MISC", + "name": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi", + "url": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi" } ] } diff --git a/2022/29xxx/CVE-2022-29270.json b/2022/29xxx/CVE-2022-29270.json index 5a568844c81..85c98abe1a3 100644 --- a/2022/29xxx/CVE-2022-29270.json +++ b/2022/29xxx/CVE-2022-29270.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29270", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29270", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + }, + { + "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", + "refsource": "MISC", + "name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" + }, + { + "url": "https://github.com/4LPH4-NL/CVEs", + "refsource": "MISC", + "name": "https://github.com/4LPH4-NL/CVEs" + }, + { + "refsource": "MISC", + "name": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi", + "url": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi" } ] } diff --git a/2022/29xxx/CVE-2022-29271.json b/2022/29xxx/CVE-2022-29271.json index caa9ea22ad7..06c17ffdad7 100644 --- a/2022/29xxx/CVE-2022-29271.json +++ b/2022/29xxx/CVE-2022-29271.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29271", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29271", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + }, + { + "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", + "refsource": "MISC", + "name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" + }, + { + "url": "https://github.com/4LPH4-NL/CVEs", + "refsource": "MISC", + "name": "https://github.com/4LPH4-NL/CVEs" + }, + { + "refsource": "MISC", + "name": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi", + "url": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi" } ] } diff --git a/2022/29xxx/CVE-2022-29272.json b/2022/29xxx/CVE-2022-29272.json index 18a8548f76f..b74a6be8b32 100644 --- a/2022/29xxx/CVE-2022-29272.json +++ b/2022/29xxx/CVE-2022-29272.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29272", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29272", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + }, + { + "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", + "refsource": "MISC", + "name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" + }, + { + "url": "https://github.com/4LPH4-NL/CVEs", + "refsource": "MISC", + "name": "https://github.com/4LPH4-NL/CVEs" + }, + { + "refsource": "MISC", + "name": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi", + "url": "https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi" } ] } diff --git a/2022/31xxx/CVE-2022-31266.json b/2022/31xxx/CVE-2022-31266.json index f734e568ad1..88fa8a8ceaa 100644 --- a/2022/31xxx/CVE-2022-31266.json +++ b/2022/31xxx/CVE-2022-31266.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31266", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31266", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bcksec.com/services/", + "refsource": "MISC", + "name": "https://www.bcksec.com/services/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@bcksec/in-ilias-through-7-10-620c0de685ee", + "url": "https://medium.com/@bcksec/in-ilias-through-7-10-620c0de685ee" } ] } diff --git a/2022/31xxx/CVE-2022-31897.json b/2022/31xxx/CVE-2022-31897.json index 1661397823a..da4bee5a51f 100644 --- a/2022/31xxx/CVE-2022-31897.json +++ b/2022/31xxx/CVE-2022-31897.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31897", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31897", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sourcecodester.com", + "refsource": "MISC", + "name": "http://sourcecodester.com" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html" } ] }