admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-19 18:01:32 +00:00
parent bd880d05d9
commit cc6c05ff45
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 1438 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

466
2020/14xxx/CVE-2020-14496.json
View File

@ -1,18 +1,472 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) - Permission Issues"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPU Module Logging Configuration Tool",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "CW Configurator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "Data Transfer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "3.40S"
}
]
}
},
{
"product_name": "EZSocket",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "4.5"
}
]
}
},
{
"product_name": "FR Configurator2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.22Y"
}
]
}
},
{
"product_name": "GT Designer3 Version1 (GOT2000)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "3.200J"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "GT SoftGOT2000 Version1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.235V"
}
]
}
},
{
"product_name": "GX LogViewer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.100E"
}
]
}
},
{
"product_name": "GX Works2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.592S"
}
]
}
},
{
"product_name": "GX Works3",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.063R"
}
]
}
},
{
"product_name": "M_CommDTM-HART",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "1.00A"
}
]
}
},
{
"product_name": "M_CommDTM-IO-Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELFA-Works",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "4.3"
}
]
}
},
{
"product_name": "MELSEC WinCPU Setting Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "MELSOFT EM Software Development Kit (EM Configurator)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.010L"
}
]
}
},
{
"product_name": "MELSOFT FieldDeviceConfigurator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.03D"
}
]
}
},
{
"product_name": "MELSOFT Navigator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "2.62Q"
}
]
}
},
{
"product_name": "MH11 SettingTool Version2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "2.002C"
}
]
}
},
{
"product_name": "MI Configurator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Motorizer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.005F"
}
]
}
},
{
"product_name": "MR Configurator2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.105K"
}
]
}
},
{
"product_name": "MT Works2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.156N"
}
]
}
},
{
"product_name": "MX Component",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "4.19V"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Control utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC IE Field Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board CC-Link Ver.2 Utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "Network Interface Board MNETH utility",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
},
{
"product_name": "PX Developer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.52E"
}
]
}
},
{
"product_name": "RT ToolBox2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "3.72A"
}
]
}
},
{
"product_name": "RT ToolBox3",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.70Y"
}
]
}
},
{
"product_name": "Setting/monitoring tools for the C Controller module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-212-02"
}
]
},
"source": {
"advisory": "ICSA-20-212-02",
"discovery": "UNKNOWN"
}
}

94
2020/16xxx/CVE-2020-16209.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Fieldcomm Group HART-IP and hipserver - Stack-based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HART-IP Developer Kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "1.0.0.0"
}
]
}
},
{
"product_name": "hipserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "3.6.1"
}
]
}
}
]
},
"vendor_name": "Fieldcomm Group"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-287-04",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-287-04"
}
]
},
"source": {
"advisory": "ICSA-20-287-04",
"discovery": "UNKNOWN"
}
}

310
2020/16xxx/CVE-2020-16231.json
View File

@ -1,18 +1,316 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "All Bachmann M1 System Processor Modules - Use of Password Hash with Insufficient Computational Effort"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "M1 Hardware Controller MX207",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MX213",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MX220",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MC206",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MC212",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MC220",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MH230",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MC205",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MC210",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MH212",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller ME203",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller CS200",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MP213",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MP226",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MPC240",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MPC265",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MPC270",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MPC293",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller MPE270",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
},
{
"product_name": "M1 Hardware Controller CPC210",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "All",
"version_value": "MSYS v1.06.14"
}
]
}
}
]
},
"vendor_name": "Bachmann Electronic, GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02"
}
]
},
"source": {
"advisory": "ICSA-21-026-02",
"discovery": "UNKNOWN"
}
}

88
2020/16xxx/CVE-2020-16235.json
View File

@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Emerson OpenEnterprise - Inadequate Encryption Strength"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Enterprise",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "3.3.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Roman Lozko of Kaspersky reported this vulnerability to Emerson."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-238-02",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-238-02"
}
]
},
"source": {
"advisory": "ICSA-20-238-02",
"discovery": "UNKNOWN"
}
}

5
2020/26xxx/CVE-2020-26808.json
View File

@ -129,6 +129,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2020/26xxx/CVE-2020-26832.json
View File

@ -129,6 +129,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2020/6xxx/CVE-2020-6318.json
View File

@ -126,6 +126,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/21xxx/CVE-2021-21465.json
View File

@ -118,6 +118,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/21xxx/CVE-2021-21466.json
View File

@ -121,6 +121,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/21xxx/CVE-2021-21468.json
View File

@ -118,6 +118,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/21xxx/CVE-2021-21473.json
View File

@ -122,6 +122,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/30xxx/CVE-2021-30140.json
View File

@ -71,6 +71,11 @@
"refsource": "FULLDISC",
"name": "20220518 LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140",
"url": "http://seclists.org/fulldisclosure/2022/May/41"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167228/LiquidFiles-3.4.15-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/167228/LiquidFiles-3.4.15-Cross-Site-Scripting.html"
}
]
},

104
2021/32xxx/CVE-2021-32934.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P2P SDK",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "3.1.5"
},
{
"version_affected": "=",
"version_value": "all with nossl tag"
},
{
"version_affected": "!",
"version_value": "firmware using AuthKey for IOTC connection"
},
{
"version_affected": "=",
"version_value": "firmware using AVAPI module without enabling DTLS mechanism"
},
{
"version_affected": "=",
"version_value": "firmware using P2PTunnel or RDT module"
}
]
}
}
]
},
"vendor_name": "ThroughTek"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nozomi Networks reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01"
}
]
},
"source": {
"advisory": "ICSA-21-166-01",
"discovery": "UNKNOWN"
}
}

5
2021/33xxx/CVE-2021-33678.json
View File

@ -142,6 +142,11 @@
"refsource": "FULLDISC",
"name": "20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components)",
"url": "http://seclists.org/fulldisclosure/2022/May/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html"
}
]
}

5
2021/46xxx/CVE-2021-46426.json
View File

@ -71,6 +71,11 @@
"refsource": "FULLDISC",
"name": "20220518 PHPIPAM 1.4.4 - CVE-2021-46426",
"url": "http://seclists.org/fulldisclosure/2022/May/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/167227/PHPIPAM-1.4.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
}
]
}

85
2022/1xxx/CVE-2022-1413.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0.2, <14.8.6"
},
{
"version_value": ">=14.9.0, <14.9.4"
},
{
"version_value": ">=14.10.0, <14.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing password field masking in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/353720",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353720",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1413.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1413.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

90
2022/1xxx/CVE-2022-1416.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0.2, <14.8.6"
},
{
"version_value": ">=14.9.0, <14.9.4"
},
{
"version_value": ">=14.10.0, <14.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/342988",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/342988",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1362405",
"url": "https://hackerone.com/reports/1362405",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1416.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1416.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2022/1xxx/CVE-2022-1423.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0.2, <14.8.6"
},
{
"version_value": ">=14.9.0, <14.9.4"
},
{
"version_value": ">=14.10.0, <14.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/330047",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/330047",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1182375",
"url": "https://hackerone.com/reports/1182375",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1423.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1423.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [wapiflapi](https://hackerone.com/wapiflapi) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

56
2022/30xxx/CVE-2022-30617.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Strapi",
"product": {
"product_data": [
{
"product_name": "Strapi",
"version": {
"version_data": [
{
"version_value": "< 3.6.9"
},
{
"version_value": "! 4.0.0"
},
{
"version_value": "< 4.0.0-beta.16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi",
"refsource": "MISC",
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privileged \u201cauthor\u201d role account can view these details in the JSON response for an \u201ceditor\u201d or \u201csuper admin\u201d that has updated one of the author\u2019s blog posts. There are also many other scenarios where such details from other users can leak in the JSON response, either through a direct or indirect relationship. Access to this information enables a user to compromise other users\u2019 accounts by successfully invoking the password reset workflow. In a worst-case scenario, a low-privileged user could get access to a \u201csuper admin\u201d account with full control over the Strapi instance, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users."
}
]
}

53
2022/30xxx/CVE-2022-30618.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Strapi",
"product": {
"product_data": [
{
"product_name": "Strapi",
"version": {
"version_data": [
{
"version_value": "< 3.6.10"
},
{
"version_value": "< 4.1.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi",
"refsource": "MISC",
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users\u2019 accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users."
}
]
}