admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-02 18:01:39 +00:00
parent 81b46dae3c
commit cc32ad4d8f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
26 changed files with 1402 additions and 308 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2021/38xxx/CVE-2021-38221.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mlogclub/bbs-go/issues/112",
"refsource": "MISC",
"name": "https://github.com/mlogclub/bbs-go/issues/112"
},
{
"url": "https://github.com/mlogclub/bbs-go/pull/113",
"refsource": "MISC",
"name": "https://github.com/mlogclub/bbs-go/pull/113"
}
]
}

61
2021/45xxx/CVE-2021-45981.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.netscout.com/securityadvisories",
"url": "https://www.netscout.com/securityadvisories"
},
{
"url": "https://netscout.com",
"refsource": "MISC",
"name": "https://netscout.com"
}
]
}

61
2021/45xxx/CVE-2021-45982.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.netscout.com/securityadvisories",
"url": "https://www.netscout.com/securityadvisories"
},
{
"url": "https://netscout.com",
"refsource": "MISC",
"name": "https://netscout.com"
}
]
}

61
2021/45xxx/CVE-2021-45983.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.netscout.com/securityadvisories",
"url": "https://www.netscout.com/securityadvisories"
},
{
"url": "https://netscout.com",
"refsource": "MISC",
"name": "https://netscout.com"
}
]
}

16
2022/1xxx/CVE-2022-1678.json
View File

@ -43,6 +43,22 @@
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{

55
2022/1xxx/CVE-2022-1716.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Keep My Notes",
"version": {
"version_data": [
{
"version_value": "1.80.147"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/tyler/",
"url": "https://fluidattacks.com/advisories/tyler/"
},
{
"refsource": "MISC",
"name": "http://www.kitetech.co/keepmynotes",
"url": "http://www.kitetech.co/keepmynotes"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker with physical access to the victim's device can bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation."
}
]
}

12
2022/1xxx/CVE-2022-1979.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)<\/script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public."
"value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/Xor-Gerke\/webray.com.cn\/blob\/main\/cve\/Product%20Show%20Room%20Site\/'Message'%20Stored%20Cross-Site%20Scripting(XSS).md"
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Message'%20Stored%20Cross-Site%20Scripting(XSS).md",
"refsource": "MISC",
"name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Message'%20Stored%20Cross-Site%20Scripting(XSS).md"
},
{
"url": "https:\/\/vuldb.com\/?id.200950"
"url": "https://vuldb.com/?id.200950",
"refsource": "MISC",
"name": "https://vuldb.com/?id.200950"
}
]
}

12
2022/1xxx/CVE-2022-1980.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file \/admin\/?page=system_info\/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)<\/script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Expliot details have been disclosed to the public."
"value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Expliot details have been disclosed to the public."
}
]
},
@ -57,16 +57,20 @@
"cvss": {
"version": "3.1",
"baseScore": "2.4",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/Xor-Gerke\/webray.com.cn\/blob\/main\/cve\/Product%20Show%20Room%20Site\/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md"
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md",
"refsource": "MISC",
"name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md"
},
{
"url": "https:\/\/vuldb.com\/?id.200951"
"url": "https://vuldb.com/?id.200951",
"refsource": "MISC",
"name": "https://vuldb.com/?id.200951"
}
]
}

113
2022/1xxx/CVE-2022-1982.json
View File

@ -1,18 +1,117 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "A crafted SVG attachment can crash a Mattermost server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.x",
"version_value": "5.39"
},
{
"version_affected": "<=",
"version_name": "6.x",
"version_value": "6.3.7"
},
{
"version_affected": "<=",
"version_name": "6.4.x",
"version_value": "6.4.2"
},
{
"version_affected": "=",
"version_name": "6.5.x",
"version_value": "6.5.0"
},
{
"version_affected": "=",
"version_name": "6.6.x",
"version_value": "6.6.0"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/",
"name": "https://mattermost.com/security-updates/"
}
]
},
"source": {
"advisory": "MMSA-2022-00104",
"defect": [
"https://mattermost.atlassian.net/browse/MM-43392"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Configure the maximum file size for message attachments to 20 megabytes or less: https://docs.mattermost.com/configure/configuration-settings.html#maximum-file-size"
}
]
}

73
2022/25xxx/CVE-2022-25155.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
@ -23,6 +23,75 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
@ -68,7 +137,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash."
}
]
}

67
2022/25xxx/CVE-2022-25156.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
@ -23,6 +23,69 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
@ -68,7 +131,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash."
"value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash."
}
]
}

70
2022/25xxx/CVE-2022-25157.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
@ -23,6 +23,72 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
@ -68,7 +134,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash."
"value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash."
}
]
}

67
2022/25xxx/CVE-2022-25158.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; itsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2",
"version": {
"version_data": [
{
@ -23,6 +23,69 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions"
}
]
}
@ -68,7 +131,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext."
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext."
}
]
}

43
2022/25xxx/CVE-2022-25159.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"version": {
"version_data": [
{
@ -23,6 +23,45 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
@ -68,7 +107,7 @@
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack."
"value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack."
}
]
}

43
2022/25xxx/CVE-2022-25160.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100",
"version": {
"version_data": [
{
@ -23,6 +23,45 @@
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions"
},
{
"version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions"
}
]
}
@ -68,7 +107,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system."
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system."
}
]
}

33
2022/25xxx/CVE-2022-25161.json
View File

@ -15,26 +15,38 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS)",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000"
}
]
}
@ -68,6 +80,11 @@
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU95926817/index.html",
"url": "https://jvn.jp/vu/JVNVU95926817/index.html"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01"
}
]
},
@ -75,7 +92,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery."
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery."
}
]
}

33
2022/25xxx/CVE-2022-25162.json
View File

@ -15,26 +15,38 @@
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)",
"product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS)",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030"
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000"
}
]
}
@ -68,6 +80,11 @@
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU95926817/index.html",
"url": "https://jvn.jp/vu/JVNVU95926817/index.html"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01"
}
]
},
@ -75,7 +92,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets."
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets."
}
]
}

61
2022/25xxx/CVE-2022-25163.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100; Mitsubishi Electric MELSEC-L series LJ71E71-100; Mitsubishi Electric MELSEC iQ-R Series RD81MES96N",
"version": {
"version_data": [
{
"version_value": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior"
},
{
"version_value": "Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior"
},
{
"version_value": "Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf"
},
{
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU92561747/index.html",
"url": "https://jvn.jp/vu/JVNVU92561747/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets."
}
]
}

61
2022/26xxx/CVE-2022-26497.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the \"Share room access\" dialog if the victim has shared access to the particular room with the attacker previously."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigbluebutton/greenlight/blob/master/app/assets/javascripts/room.js#L352",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/greenlight/blob/master/app/assets/javascripts/room.js#L352"
},
{
"refsource": "MISC",
"name": "https://www.mgm-sp.com/en/cve-2022-26497-bigbluebutton-greenlight-xss/",
"url": "https://www.mgm-sp.com/en/cve-2022-26497-bigbluebutton-greenlight-xss/"
}
]
}

61
2022/26xxx/CVE-2022-26944.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.percona.com/browse/PXB-2722",
"refsource": "MISC",
"name": "https://jira.percona.com/browse/PXB-2722"
},
{
"refsource": "MISC",
"name": "https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html",
"url": "https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html"
}
]
}

61
2022/29xxx/CVE-2022-29597.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://solutions-atlantic.com/rrs/",
"refsource": "MISC",
"name": "https://solutions-atlantic.com/rrs/"
},
{
"refsource": "MISC",
"name": "https://github.com/TheGetch/CVE-2022-29597",
"url": "https://github.com/TheGetch/CVE-2022-29597"
}
]
}

61
2022/29xxx/CVE-2022-29704.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://browsbox.com",
"refsource": "MISC",
"name": "http://browsbox.com"
},
{
"url": "https://www.youtube.com/watch?v=ECTu2QVAl1c",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=ECTu2QVAl1c"
}
]
}

66
2022/30xxx/CVE-2022-30429.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://cms.com",
"refsource": "MISC",
"name": "http://cms.com"
},
{
"url": "http://neos.com",
"refsource": "MISC",
"name": "http://neos.com"
},
{
"refsource": "MISC",
"name": "https://www.neos.io/blog/xss-in-various-backend-modules.html",
"url": "https://www.neos.io/blog/xss-in-various-backend-modules.html"
}
]
}

126
2022/30xxx/CVE-2022-30687.json
View File

@ -1,63 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2022-30687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Maximum Security",
"version" : {
"version_data" : [
{
"version_value" : "2022 (17.7)"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Link Following Arbitrary File Deletion"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
]
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-30687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Maximum Security",
"version": {
"version_data": [
{
"version_value": "2022 (17.7)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
]
}
}

2
2022/31xxx/CVE-2022-31018.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect.\n\n"
"value": "Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled\u2014as it is by default\u2014then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect."
}
]
},

56
2022/32xxx/CVE-2022-32019.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/RCE-1.md",
"url": "https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/RCE-1.md"
}
]
}