From d54a1f5bed8c66a62fa57cf6810234f9be024b93 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 25 Aug 2022 19:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20823.json | 4 +-- 2022/20xxx/CVE-2022-20824.json | 4 +-- 2022/20xxx/CVE-2022-20865.json | 4 +-- 2022/20xxx/CVE-2022-20921.json | 4 +-- 2022/2xxx/CVE-2022-2994.json | 18 +++++++++++ 2022/2xxx/CVE-2022-2995.json | 18 +++++++++++ 2022/34xxx/CVE-2022-34007.json | 5 +++ 2022/36xxx/CVE-2022-36527.json | 56 ++++++++++++++++++++++++++++++---- 2022/38xxx/CVE-2022-38753.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38754.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38755.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38756.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38757.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38758.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38759.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38760.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38761.json | 18 +++++++++++ 2022/38xxx/CVE-2022-38762.json | 18 +++++++++++ 18 files changed, 279 insertions(+), 14 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2994.json create mode 100644 2022/2xxx/CVE-2022-2995.json create mode 100644 2022/38xxx/CVE-2022-38753.json create mode 100644 2022/38xxx/CVE-2022-38754.json create mode 100644 2022/38xxx/CVE-2022-38755.json create mode 100644 2022/38xxx/CVE-2022-38756.json create mode 100644 2022/38xxx/CVE-2022-38757.json create mode 100644 2022/38xxx/CVE-2022-38758.json create mode 100644 2022/38xxx/CVE-2022-38759.json create mode 100644 2022/38xxx/CVE-2022-38760.json create mode 100644 2022/38xxx/CVE-2022-38761.json create mode 100644 2022/38xxx/CVE-2022-38762.json diff --git a/2022/20xxx/CVE-2022-20823.json b/2022/20xxx/CVE-2022-20823.json index 87a4d4c0b2f..5eefd77d78a 100644 --- a/2022/20xxx/CVE-2022-20823.json +++ b/2022/20xxx/CVE-2022-20823.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.\r Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.\r " + "value": "A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20824.json b/2022/20xxx/CVE-2022-20824.json index 3f8a9cf4dbf..4fe0d096975 100644 --- a/2022/20xxx/CVE-2022-20824.json +++ b/2022/20xxx/CVE-2022-20824.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.\r This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition.\r Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\r " + "value": "A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, @@ -90,4 +90,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20865.json b/2022/20xxx/CVE-2022-20865.json index 0d9eb142b87..aac7c1949ba 100644 --- a/2022/20xxx/CVE-2022-20865.json +++ b/2022/20xxx/CVE-2022-20865.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device.\r This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\r " + "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20921.json b/2022/20xxx/CVE-2022-20921.json index 3eacf2136aa..1d38cccf954 100644 --- a/2022/20xxx/CVE-2022-20921.json +++ b/2022/20xxx/CVE-2022-20921.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device.\r This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.\r " + "value": "A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2994.json b/2022/2xxx/CVE-2022-2994.json new file mode 100644 index 00000000000..055c0b57d92 --- /dev/null +++ b/2022/2xxx/CVE-2022-2994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2995.json b/2022/2xxx/CVE-2022-2995.json new file mode 100644 index 00000000000..e9e3c497200 --- /dev/null +++ b/2022/2xxx/CVE-2022-2995.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34007.json b/2022/34xxx/CVE-2022-34007.json index eac5ae14dfa..29073d8870b 100644 --- a/2022/34xxx/CVE-2022-34007.json +++ b/2022/34xxx/CVE-2022-34007.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html", "url": "https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://whistleblowingnetwork.org/Our-Work/Spotlight/Stories/The-Pitfalls-of-Closed-Source-Whistleblowing-Softw", + "url": "https://whistleblowingnetwork.org/Our-Work/Spotlight/Stories/The-Pitfalls-of-Closed-Source-Whistleblowing-Softw" } ] } diff --git a/2022/36xxx/CVE-2022-36527.json b/2022/36xxx/CVE-2022-36527.json index 8d5b7978ede..a3362f5ee18 100644 --- a/2022/36xxx/CVE-2022-36527.json +++ b/2022/36xxx/CVE-2022-36527.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36527", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36527", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jflyfox/jfinal_cms/issues/45", + "refsource": "MISC", + "name": "https://github.com/jflyfox/jfinal_cms/issues/45" } ] } diff --git a/2022/38xxx/CVE-2022-38753.json b/2022/38xxx/CVE-2022-38753.json new file mode 100644 index 00000000000..2e200857931 --- /dev/null +++ b/2022/38xxx/CVE-2022-38753.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38753", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38754.json b/2022/38xxx/CVE-2022-38754.json new file mode 100644 index 00000000000..7b38fa3248d --- /dev/null +++ b/2022/38xxx/CVE-2022-38754.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38754", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38755.json b/2022/38xxx/CVE-2022-38755.json new file mode 100644 index 00000000000..1191882a23b --- /dev/null +++ b/2022/38xxx/CVE-2022-38755.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38756.json b/2022/38xxx/CVE-2022-38756.json new file mode 100644 index 00000000000..2bcaa3ecae2 --- /dev/null +++ b/2022/38xxx/CVE-2022-38756.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38756", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38757.json b/2022/38xxx/CVE-2022-38757.json new file mode 100644 index 00000000000..feca1b0b006 --- /dev/null +++ b/2022/38xxx/CVE-2022-38757.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38757", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38758.json b/2022/38xxx/CVE-2022-38758.json new file mode 100644 index 00000000000..01be82c9dca --- /dev/null +++ b/2022/38xxx/CVE-2022-38758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38759.json b/2022/38xxx/CVE-2022-38759.json new file mode 100644 index 00000000000..65dc4cdc2eb --- /dev/null +++ b/2022/38xxx/CVE-2022-38759.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38759", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38760.json b/2022/38xxx/CVE-2022-38760.json new file mode 100644 index 00000000000..ee5581018ce --- /dev/null +++ b/2022/38xxx/CVE-2022-38760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38761.json b/2022/38xxx/CVE-2022-38761.json new file mode 100644 index 00000000000..188716362c7 --- /dev/null +++ b/2022/38xxx/CVE-2022-38761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38762.json b/2022/38xxx/CVE-2022-38762.json new file mode 100644 index 00000000000..2b925946d17 --- /dev/null +++ b/2022/38xxx/CVE-2022-38762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file