From c71836cd86e910609f074b14b3598352537671de Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 28 Jul 2022 15:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/2xxx/CVE-2016-2138.json | 63 ++++++++++++++++--- 2016/2xxx/CVE-2016-2139.json | 63 ++++++++++++++++--- 2021/22xxx/CVE-2021-22640.json | 108 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22642.json | 108 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22644.json | 108 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22646.json | 108 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22648.json | 108 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22650.json | 108 +++++++++++++++++++++++++++++++-- 2022/1xxx/CVE-2022-1805.json | 50 ++++++++++++++- 2022/1xxx/CVE-2022-1948.json | 84 +++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2553.json | 50 ++++++++++++++- 2022/2xxx/CVE-2022-2566.json | 18 ++++++ 2022/2xxx/CVE-2022-2567.json | 18 ++++++ 2022/2xxx/CVE-2022-2568.json | 18 ++++++ 2022/35xxx/CVE-2022-35882.json | 93 ++++++++++++++++++++++++++-- 15 files changed, 1039 insertions(+), 66 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2566.json create mode 100644 2022/2xxx/CVE-2022-2567.json create mode 100644 2022/2xxx/CVE-2022-2568.json diff --git a/2016/2xxx/CVE-2016-2138.json b/2016/2xxx/CVE-2016-2138.json index e945a900d44..638918160be 100644 --- a/2016/2xxx/CVE-2016-2138.json +++ b/2016/2xxx/CVE-2016-2138.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-2138", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2138", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kippo-graph", + "version": { + "version_data": [ + { + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ikoniaris/kippo-graph/issues/35", + "url": "https://github.com/ikoniaris/kippo-graph/issues/35" + }, + { + "refsource": "MISC", + "name": "https://github.com/ikoniaris/kippo-graph/commit/e6587ec598902763110b70c8bd0a72f7951b4997", + "url": "https://github.com/ikoniaris/kippo-graph/commit/e6587ec598902763110b70c8bd0a72f7951b4997" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php." } ] } diff --git a/2016/2xxx/CVE-2016-2139.json b/2016/2xxx/CVE-2016-2139.json index 95f6eb763d8..dd6e9696865 100644 --- a/2016/2xxx/CVE-2016-2139.json +++ b/2016/2xxx/CVE-2016-2139.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-2139", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2139", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kippo-graph", + "version": { + "version_data": [ + { + "version_value": "1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ikoniaris/kippo-graph/issues/35", + "url": "https://github.com/ikoniaris/kippo-graph/issues/35" + }, + { + "refsource": "MISC", + "name": "https://github.com/ikoniaris/kippo-graph/commit/e6587ec598902763110b70c8bd0a72f7951b4997", + "url": "https://github.com/ikoniaris/kippo-graph/commit/e6587ec598902763110b70c8bd0a72f7951b4997" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php." } ] } diff --git a/2021/22xxx/CVE-2021-22640.json b/2021/22xxx/CVE-2021-22640.json index 91e022d7b96..825903df31f 100644 --- a/2021/22xxx/CVE-2021-22640.json +++ b/2021/22xxx/CVE-2021-22640.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Insufficiently Protected Credentials" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22642.json b/2021/22xxx/CVE-2021-22642.json index 3badc96d6d9..7f0d1ef6f54 100644 --- a/2021/22xxx/CVE-2021-22642.json +++ b/2021/22xxx/CVE-2021-22642.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Uncontrolled Resource Consumption" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22644.json b/2021/22xxx/CVE-2021-22644.json index 3b50b273597..4e0a082ac4f 100644 --- a/2021/22xxx/CVE-2021-22644.json +++ b/2021/22xxx/CVE-2021-22644.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Use of Hard-coded Cryptographic Key" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ovarro TBox TWinSoft uses the custom hardcoded user \u201cTWinSoft\u201d with a hardcoded key." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-321" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22646.json b/2021/22xxx/CVE-2021-22646.json index d5328535a08..6d0108d0ac3 100644 --- a/2021/22xxx/CVE-2021-22646.json +++ b/2021/22xxx/CVE-2021-22646.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Code Injection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The \u201cipk\u201d package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-94" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22648.json b/2021/22xxx/CVE-2021-22648.json index 2260c8ca186..39367a49af0 100644 --- a/2021/22xxx/CVE-2021-22648.json +++ b/2021/22xxx/CVE-2021-22648.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Incorrect Permission Assignment for Critical Resource" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-732" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22650.json b/2021/22xxx/CVE-2021-22650.json index da33b6d6987..e234eba9222 100644 --- a/2021/22xxx/CVE-2021-22650.json +++ b/2021/22xxx/CVE-2021-22650.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ovarro TBox Relative Path Traversal" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TBox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "LT2" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32" + }, + { + "version_affected": "=", + "version_value": "MS-CPU32-S2" + }, + { + "version_affected": "=", + "version_value": "RM2" + }, + { + "version_affected": "=", + "version_value": "TG2" + } + ] + } + } + ] + }, + "vendor_name": "Ovarro" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz of Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Ovarro recommends affected users update to 12.5 or later of TWinSoft to mitigate these vulnerabilities.\n\nThe latest version can be found on www.ovarro.com in the customer support section (service portal)." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1805.json b/2022/1xxx/CVE-2022-1805.json index 9eda8d19346..4b0c823f3d9 100644 --- a/2022/1xxx/CVE-2022-1805.json +++ b/2022/1xxx/CVE-2022-1805.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Tera2 Zero Client", + "version": { + "version_data": [ + { + "version_value": "Firmware version 22.04 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Man in the Middle Attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794", + "url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client." } ] } diff --git a/2022/1xxx/CVE-2022-1948.json b/2022/1xxx/CVE-2022-1948.json index 6d9b68de09e..258aa2b1e0e 100644 --- a/2022/1xxx/CVE-2022-1948.json +++ b/2022/1xxx/CVE-2022-1948.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1948", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.0.0, <15.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/673", + "url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/673", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1578400", + "url": "https://hackerone.com/reports/1578400", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1948.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1948.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks cryptopone(https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2553.json b/2022/2xxx/CVE-2022-2553.json index 1229668bec7..dbc61522811 100644 --- a/2022/2xxx/CVE-2022-2553.json +++ b/2022/2xxx/CVE-2022-2553.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Booth", + "version": { + "version_data": [ + { + "version_value": "Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67", + "url": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster." } ] } diff --git a/2022/2xxx/CVE-2022-2566.json b/2022/2xxx/CVE-2022-2566.json new file mode 100644 index 00000000000..2cbbaaeb2a2 --- /dev/null +++ b/2022/2xxx/CVE-2022-2566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2567.json b/2022/2xxx/CVE-2022-2567.json new file mode 100644 index 00000000000..1f14c098a49 --- /dev/null +++ b/2022/2xxx/CVE-2022-2567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2568.json b/2022/2xxx/CVE-2022-2568.json new file mode 100644 index 00000000000..9b3bd91d7b8 --- /dev/null +++ b/2022/2xxx/CVE-2022-2568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35882.json b/2022/35xxx/CVE-2022-35882.json index d3d1a1ec447..8f009e59b27 100644 --- a/2022/35xxx/CVE-2022-35882.json +++ b/2022/35xxx/CVE-2022-35882.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-07-27T23:02:00.000Z", "ID": "CVE-2022-35882", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress GS Testimonial Slider plugin <= 1.9.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GS Testimonial Slider (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.9.1", + "version_value": "1.9.1" + } + ] + } + } + ] + }, + "vendor_name": "GS Plugins" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/gs-testimonial/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/gs-testimonial/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-1-authenticated-stored-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-1-authenticated-stored-cross-site-scripting-xss-vulnerability" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file