diff --git a/2022/26xxx/CVE-2022-26078.json b/2022/26xxx/CVE-2022-26078.json
index 47f92af3cfb..8af5cd63f6e 100644
--- a/2022/26xxx/CVE-2022-26078.json
+++ b/2022/26xxx/CVE-2022-26078.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "disclosures@gallagher.com",
 "ID": "CVE-2022-26078",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gallagher Controller 6000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "vCR8.60",
+ "version_value": "220303a"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "vCR8.50",
+ "version_value": "220303a"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "vCR8.40",
+ "version_value": "220303a"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "vCR8.30",
+ "version_value": "220303a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Gallagher"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26078",
+ "name": "https://security.gallagher.com/Security-Advisories/CVE-2022-26078"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "USER"
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26348.json b/2022/26xxx/CVE-2022-26348.json
index 26589984aae..470bc38e833 100644
--- a/2022/26xxx/CVE-2022-26348.json
+++ b/2022/26xxx/CVE-2022-26348.json
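Review bot: The `"attackVector": "NETWORK"` entry in the new `impact.cvss` block looks inconsistent with the description, which attributes the denial of service to conflicting ARP packets with a duplicate IP address. ARP is not routed, so the sender would normally have to sit in the same broadcast domain as the controller, which CVSS 3.1 scores as adjacent. If that reading is right, the line would be `"attackVector": "ADJACENT_NETWORK"` with `vectorString` changed to `AV:A` and `baseScore` recomputed (6.5 for the otherwise unchanged vector). Anyone triaging on the vector alone would otherwise overestimate the controller's exposure. The description also repeats the vendor name ("Gallagher Gallagher Controller 6000").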
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "disclosures@gallagher.com",
 "ID": "CVE-2022-26348",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Command Centre",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.60",
+ "version_value": "8.60.1652"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.50",
+ "version_value": "8.50.2245"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.40",
+ "version_value": "8.40.2216"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.30",
+ "version_value": "8.30.1470"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "8.20"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Gallagher"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348",
+ "name": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/28xxx/CVE-2022-28217.json b/2022/28xxx/CVE-2022-28217.json
index 7b7c81cf3a5..5093e6ea812 100644
--- a/2022/28xxx/CVE-2022-28217.json
+++ b/2022/28xxx/CVE-2022-28217.json
@@ -51,7 +51,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system\u2019s Availability by causing system to crash."
+ "value": "Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system\ufffds Availability by causing system to crash."
 }
 ]
 },
@@ -68,7 +68,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-112"
+ "value": "CWE-918"
 }
 ]
 }
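Review bot: The new `impact.cvss` block for CVE-2022-26348 scores `integrityImpact` and `availabilityImpact` as `HIGH`, but the description only says the preloaded query is invoked "to obtain sensitive information", so nothing in the record supports I:H/A:H. The description also presents the attacker as a user of the public Visitor Management Kiosk while the vector is `AV:L`/`PR:H`. Presumably the high privilege is what it takes to place the query in the server's registry, and one sentence stating that precondition would make the score easier to interpret. Separately, the last `version_data` entry (`"version_affected": "<=", "version_value": "8.20"`) has no `version_name`, unlike its four siblings.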
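Review bot: The new description value for CVE-2022-28217 replaces the escaped apostrophe `\u2019` in "system\u2019s" with `\ufffd`, the Unicode replacement character. This looks like a lossy decode/encode round trip in the tooling rather than an intended edit. The line should keep `system\u2019s Availability` (or a plain ASCII apostrophe), and the step that rewrote the file should read and write it as UTF-8. "XML parking" on the same line is probably a typo for "XML parsing"; it was already present before this change. The second hunk's `CWE-918` value is consistent with the SSRF named in the description.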
diff --git a/2022/29xxx/CVE-2022-29617.json b/2022/29xxx/CVE-2022-29617.json
index bf222548e91..425c44477d7 100644
--- a/2022/29xxx/CVE-2022-29617.json
+++ b/2022/29xxx/CVE-2022-29617.json
@@ -52,7 +52,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-703"
+ "value": "CWE-755"
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34595.json b/2022/34xxx/CVE-2022-34595.json
index cca9c50f905..c878a9fb029 100644
--- a/2022/34xxx/CVE-2022-34595.json
+++ b/2022/34xxx/CVE-2022-34595.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-34595",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-34595",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/tendaAX1803/readme_en.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/tendaAX1803/readme_en.md"
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34596.json b/2022/34xxx/CVE-2022-34596.json
index 813b6e8d291..261a005c9b7 100644
--- a/2022/34xxx/CVE-2022-34596.json
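Review bot: In the CVE-2022-34595 record, `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all left as `n/a`, although the new description names the vendor, product, firmware version and weakness class (Tenda AX1803 v1.0.0.1_2890, command injection). Consumers that map records to assets through the structured `affects` fields will not associate this entry with the device. Consider `"vendor_name": "Tenda"`, `"product_name": "AX1803"`, `"version_value": "1.0.0.1_2890"`, and a command-injection CWE in `problemtype` (CWE-77 or CWE-78, whichever the advisory supports). The same gap appears in the CVE-2022-34596, CVE-2022-34597 and CVE-2022-34598 records in this commit.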
+++ b/2022/34xxx/CVE-2022-34596.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-34596",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-34596",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/tendaAX1803/2/readme_en.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/tendaAX1803/2/readme_en.md"
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34597.json b/2022/34xxx/CVE-2022-34597.json
index 1b68dc5c33d..679127f638d 100644
--- a/2022/34xxx/CVE-2022-34597.json
+++ b/2022/34xxx/CVE-2022-34597.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-34597",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-34597",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/TendaAX1806/readme_en.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhefox/IOT_Vul/blob/main/Tenda/TendaAX1806/readme_en.md"
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34598.json b/2022/34xxx/CVE-2022-34598.json
index a1f88eb83e4..ac94a20b291 100644
--- a/2022/34xxx/CVE-2022-34598.json
+++ b/2022/34xxx/CVE-2022-34598.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-34598",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-34598",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhefox/IOT_Vul/tree/main/H3C/H3CR100/1",
+ "refsource": "MISC",
+ "name": "https://github.com/zhefox/IOT_Vul/tree/main/H3C/H3CR100/1"
 }
 ]
 }