From c7a7d58b9ccaefedaa89e264da95042661b125a6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 1 Jan 2023 08:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/34xxx/CVE-2022-34322.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34323.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34324.json | 56 +++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37785.json | 61 ++++++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37786.json | 61 ++++++++++++++++++++++++++++++---- 2022/37xxx/CVE-2022-37787.json | 61 ++++++++++++++++++++++++++++++---- 2022/40xxx/CVE-2022-40711.json | 56 +++++++++++++++++++++++++++---- 2022/45xxx/CVE-2022-45027.json | 56 +++++++++++++++++++++++++++---- 2022/45xxx/CVE-2022-45213.json | 56 +++++++++++++++++++++++++++---- 2022/47xxx/CVE-2022-47634.json | 56 +++++++++++++++++++++++++++---- 10 files changed, 515 insertions(+), 60 deletions(-) diff --git a/2022/34xxx/CVE-2022-34322.json b/2022/34xxx/CVE-2022-34322.json index 9ed3422648a..af6def67a41 100644 --- a/2022/34xxx/CVE-2022-34322.json +++ b/2022/34xxx/CVE-2022-34322.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34322", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34322", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification menu and the Notifications feature. A user can send malicious notifications and execute JavaScript code in the browser of every user who has enabled notifications. This is a stored XSS, and can lead to privilege escalation in the context of the application. (Another issue is present in the Favorites tab. The name of a favorite or a folder of favorites is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a self-XSS.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2022-12/sage_sei_multiple_xss.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2022-12/sage_sei_multiple_xss.pdf" } ] } diff --git a/2022/34xxx/CVE-2022-34323.json b/2022/34xxx/CVE-2022-34323.json index fddbc6fb264..728ca14c399 100644 --- a/2022/34xxx/CVE-2022-34323.json +++ b/2022/34xxx/CVE-2022-34323.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model features (OnlineBanking > Web Monitoring > Settings > Filters / Display models). The name of a filter or a display model is interpreted as HTML and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. Another issue is present in the Notification feature (OnlineBanking > Configuration > Notifications and alerts > Alerts *). The name of an alert is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. (Also, an issue is present in the File download feature, accessible via /OnlineBanking/cgi/isapi.dll/DOWNLOADFRS. When requesting to show the list of downloadable files, the contents of three form fields are embedded in the JavaScript code without prior sanitization. This is essentially a self-XSS.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_xss.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_xss.pdf" } ] } diff --git a/2022/34xxx/CVE-2022-34324.json b/2022/34xxx/CVE-2022-34324.json index 43943a683f1..f7e79f667a0 100644 --- a/2022/34xxx/CVE-2022-34324.json +++ b/2022/34xxx/CVE-2022-34324.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34324", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34324", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf" } ] } diff --git a/2022/37xxx/CVE-2022-37785.json b/2022/37xxx/CVE-2022-37785.json index 751db8df301..80484afbadf 100644 --- a/2022/37xxx/CVE-2022-37785.json +++ b/2022/37xxx/CVE-2022-37785.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37785", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37785", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WeBankPartners/wecube-plugins-terminal", + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-plugins-terminal" + }, + { + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-platform/issues/2329", + "url": "https://github.com/WeBankPartners/wecube-platform/issues/2329" } ] } diff --git a/2022/37xxx/CVE-2022-37786.json b/2022/37xxx/CVE-2022-37786.json index cb647c4b180..6d021b99815 100644 --- a/2022/37xxx/CVE-2022-37786.json +++ b/2022/37xxx/CVE-2022-37786.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37786", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37786", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WeBankPartners/wecube-platform", + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-platform" + }, + { + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-platform/issues/2327", + "url": "https://github.com/WeBankPartners/wecube-platform/issues/2327" } ] } diff --git a/2022/37xxx/CVE-2022-37787.json b/2022/37xxx/CVE-2022-37787.json index 3d059821bef..157b2d3f685 100644 --- a/2022/37xxx/CVE-2022-37787.json +++ b/2022/37xxx/CVE-2022-37787.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37787", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37787", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WeBankPartners/wecube-platform", + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-platform" + }, + { + "refsource": "MISC", + "name": "https://github.com/WeBankPartners/wecube-platform/issues/2328", + "url": "https://github.com/WeBankPartners/wecube-platform/issues/2328" } ] } diff --git a/2022/40xxx/CVE-2022-40711.json b/2022/40xxx/CVE-2022-40711.json index 604b4659cc8..23a6316aa24 100644 --- a/2022/40xxx/CVE-2022-40711.json +++ b/2022/40xxx/CVE-2022-40711.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40711", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40711", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://verneet.com/cve-2022-40711/", + "url": "https://verneet.com/cve-2022-40711/" } ] } diff --git a/2022/45xxx/CVE-2022-45027.json b/2022/45xxx/CVE-2022-45027.json index 33807bf1db2..03aa450c459 100644 --- a/2022/45xxx/CVE-2022-45027.json +++ b/2022/45xxx/CVE-2022-45027.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45027", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45027", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.perfsonar.net/releasenotes-2022-11-09-4-4-6.html", + "url": "https://www.perfsonar.net/releasenotes-2022-11-09-4-4-6.html" } ] } diff --git a/2022/45xxx/CVE-2022-45213.json b/2022/45xxx/CVE-2022-45213.json index e9281aff1de..381251e5262 100644 --- a/2022/45xxx/CVE-2022-45213.json +++ b/2022/45xxx/CVE-2022-45213.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45213", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45213", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.perfsonar.net/releasenotes-2022-11-09-4-4-6.html", + "url": "https://www.perfsonar.net/releasenotes-2022-11-09-4-4-6.html" } ] } diff --git a/2022/47xxx/CVE-2022-47634.json b/2022/47xxx/CVE-2022-47634.json index c812a3f4dce..cc491a0e684 100644 --- a/2022/47xxx/CVE-2022-47634.json +++ b/2022/47xxx/CVE-2022-47634.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47634", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47634", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.isode.com/support/security/advisory/m-link-incorrect-access-control-vulnerability-21-12-2022.html", + "url": "https://www.isode.com/support/security/advisory/m-link-incorrect-access-control-vulnerability-21-12-2022.html" } ] }