From da30f9c70ff965cf30c19947e535dd2cee11503b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Jun 2022 22:00:46 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/19xxx/CVE-2020-19896.json | 56 ++++++++++++++++++++++---
 2020/19xxx/CVE-2020-19897.json | 56 ++++++++++++++++++++++---
 2021/41xxx/CVE-2021-41559.json | 66 ++++++++++++++++++++++++++---
 2022/24xxx/CVE-2022-24444.json | 76 +++++++++++++++++++++++++++++++---
 2022/25xxx/CVE-2022-25238.json | 71 ++++++++++++++++++++++++++++---
 2022/29xxx/CVE-2022-29858.json | 71 ++++++++++++++++++++++++++++---
 2022/2xxx/CVE-2022-2247.json | 18 ++++++++
 2022/2xxx/CVE-2022-2248.json | 18 ++++++++
 2022/31xxx/CVE-2022-31884.json | 66 ++++++++++++++++++++++++++---
 2022/31xxx/CVE-2022-31887.json | 66 ++++++++++++++++++++++++++---
 10 files changed, 516 insertions(+), 48 deletions(-)
 create mode 100644 2022/2xxx/CVE-2022-2247.json
 create mode 100644 2022/2xxx/CVE-2022-2248.json
diff --git a/2020/19xxx/CVE-2020-19896.json b/2020/19xxx/CVE-2020-19896.json
index 94978f2605b..1cdf5d80bc0 100644
--- a/2020/19xxx/CVE-2020-19896.json
+++ b/2020/19xxx/CVE-2020-19896.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19896",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19896",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bg5sbk/MiniCMS/issues/36",
+ "refsource": "MISC",
+ "name": "https://github.com/bg5sbk/MiniCMS/issues/36"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19897.json b/2020/19xxx/CVE-2020-19897.json
index 4e60f59f0cc..00445d24af3 100644
--- a/2020/19xxx/CVE-2020-19897.json
+++ b/2020/19xxx/CVE-2020-19897.json
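Review bot: The new `affects` block records `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the description on the same record names Minicms v1.9, so any scanner or inventory match keyed on the structured fields will miss this entry. Consider `"product_name": "MiniCMS"` and `"version_value": "1.9"`, and a `problemtype` value that names the weakness class instead of `"n/a"`. The same placeholder pattern appears in the hunks for CVE-2020-19897, CVE-2021-41559, CVE-2022-24444, CVE-2022-25238, CVE-2022-29858, CVE-2022-31884 and CVE-2022-31887. The description also misspells "arbitrary" as "arbitary", which breaks exact-phrase searches over the record.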
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19897",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19897",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/wuzhicms/wuzhicms/issues/183",
+ "refsource": "MISC",
+ "name": "https://github.com/wuzhicms/wuzhicms/issues/183"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41559.json b/2021/41xxx/CVE-2021-41559.json
index ae9ee9804e2..9e592416248 100644
--- a/2021/41xxx/CVE-2021-41559.json
+++ b/2021/41xxx/CVE-2021-41559.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41559",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41559",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/"
+ },
+ {
+ "url": "https://github.com/silverstripe/silverstripe-framework/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/silverstripe/silverstripe-framework/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/cve-2021-41559",
+ "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24444.json b/2022/24xxx/CVE-2022-24444.json
index bb32e0271f2..91a683b541f 100644
--- a/2022/24xxx/CVE-2022-24444.json
+++ b/2022/24xxx/CVE-2022-24444.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24444",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24444",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverstripe silverstripe/framework through 4.10 allows Session Fixation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/"
+ },
+ {
+ "url": "https://www.silverstripe.org/blog/tag/release",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/blog/tag/release"
+ },
+ {
+ "url": "https://forum.silverstripe.org/c/releases",
+ "refsource": "MISC",
+ "name": "https://forum.silverstripe.org/c/releases"
+ },
+ {
+ "url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/",
+ "refsource": "MISC",
+ "name": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/cve-2022-24444",
+ "url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25238.json b/2022/25xxx/CVE-2022-25238.json
index 4b5d772dbc0..85c6dd0816d 100644
--- a/2022/25xxx/CVE-2022-25238.json
+++ b/2022/25xxx/CVE-2022-25238.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-25238",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-25238",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/"
+ },
+ {
+ "url": "https://www.silverstripe.org/blog/tag/release",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/blog/tag/release"
+ },
+ {
+ "url": "https://forum.silverstripe.org/c/releases",
+ "refsource": "MISC",
+ "name": "https://forum.silverstripe.org/c/releases"
+ },
+ {
+ "url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/",
+ "refsource": "MISC",
+ "name": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
 }
 ]
 }
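Review bot: The exposure condition in the new `description` value is ambiguous as written: "if the cwp-core module is not installed on the sanitise_server_side contig is not set to true" does not say whether either condition or both must hold, and "on" is presumably "or" and "contig" presumably "config". A defender deciding whether a site is exposed needs that stated exactly; suggested wording, to be confirmed against the vendor advisory: `if the cwp-core module is not installed or the sanitise_server_side config is not set to true`. The doubled "can can" should be fixed in the same edit. Unlike the CVE-2022-24444 and CVE-2022-29858 records, this one lists only general release pages and no advisory link specific to this CVE.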
diff --git a/2022/29xxx/CVE-2022-29858.json b/2022/29xxx/CVE-2022-29858.json
index 44b4592679e..aaeec01ca8e 100644
--- a/2022/29xxx/CVE-2022-29858.json
+++ b/2022/29xxx/CVE-2022-29858.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29858",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29858",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverstripe silverstripe/assets through 1.10 allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.silverstripe.org/download/security-releases/",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/"
+ },
+ {
+ "url": "https://www.silverstripe.org/blog/tag/release",
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/blog/tag/release"
+ },
+ {
+ "url": "https://forum.silverstripe.org/c/releases",
+ "refsource": "MISC",
+ "name": "https://forum.silverstripe.org/c/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.silverstripe.org/download/security-releases/cve-2022-29858",
+ "url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
 }
 ]
 }
diff --git a/2022/2xxx/CVE-2022-2247.json b/2022/2xxx/CVE-2022-2247.json
new file mode 100644
index 00000000000..182dbb71dd5
--- /dev/null
+++ b/2022/2xxx/CVE-2022-2247.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-2247",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2248.json b/2022/2xxx/CVE-2022-2248.json
new file mode 100644
index 00000000000..6d8b302567e
--- /dev/null
+++ b/2022/2xxx/CVE-2022-2248.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-2248",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/31xxx/CVE-2022-31884.json b/2022/31xxx/CVE-2022-31884.json
index 42a90b84110..3f3b175fda0 100644
--- a/2022/31xxx/CVE-2022-31884.json
+++ b/2022/31xxx/CVE-2022-31884.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-31884",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-31884",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://marvalglobal.com/",
+ "refsource": "MISC",
+ "name": "https://marvalglobal.com/"
+ },
+ {
+ "url": "https://drive.google.com/drive/folders/1lFM9cVUqTlKyDI2azmI1rIF4HoZBt_4i?usp=sharing",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/drive/folders/1lFM9cVUqTlKyDI2azmI1rIF4HoZBt_4i?usp=sharing"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/unauthorized-delete-add-api-users-api-keys",
+ "url": "https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/unauthorized-delete-add-api-users-api-keys"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31887.json b/2022/31xxx/CVE-2022-31887.json
index b18d7cce04d..c8d43ba688a 100644
--- a/2022/31xxx/CVE-2022-31887.json
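Review bot: Two of the three entries added to `reference_data` point at content the record cannot pin: a Google Drive folder share link and a third-party GitBook page, both of which their owner can change or remove after publication. Consumers that follow references automatically should treat them as untrusted, and the record would be more durable with a vendor advisory or fixed-release reference alongside them; the only vendor link here is the marvalglobal.com home page. The description gives the affected build (v14.19.0.12476) but no fixed version, so a reader cannot tell from the record when they are no longer exposed. The CVE-2022-31887 hunk has the same reference pattern.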
+++ b/2022/31xxx/CVE-2022-31887.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-31887",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-31887",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://marvalglobal.com/",
+ "refsource": "MISC",
+ "name": "https://marvalglobal.com/"
+ },
+ {
+ "url": "https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover",
+ "url": "https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover"
 }
 ]
 }
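Review bot: The new `description` value does not state what access the attacker needs: it says "an attacker" can change any user's password and then "the user can also escalate achieve Privilege Escalation", which reads as if an existing account is required but never says so. Whether the attacker must already be authenticated is what triage of this record turns on, so the sentence should say it explicitly, and the broken phrase should be cleaned up, for example `which allows an attacker to change the password of any user in the organization, including the administrator, resulting in privilege escalation`. That wording leaves the required privilege level open; it needs confirming against the advisory before it is added.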