From da33adbdb3f48a17dbdff38873b96fd70948a7f2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 20 Jan 2023 17:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/26xxx/CVE-2021-26642.json | 82 +++++++++++++++++++++++++++++++--- 2021/26xxx/CVE-2021-26644.json | 81 ++++++++++++++++++++++++++++++--- 2022/25xxx/CVE-2022-25631.json | 50 +++++++++++++++++++-- 2022/27xxx/CVE-2022-27915.json | 4 +- 2022/27xxx/CVE-2022-27916.json | 4 +- 2022/27xxx/CVE-2022-27917.json | 4 +- 2022/27xxx/CVE-2022-27918.json | 4 +- 2022/43xxx/CVE-2022-43704.json | 56 ++++++++++++++++++++--- 2022/47xxx/CVE-2022-47732.json | 61 ++++++++++++++++++++++--- 2022/47xxx/CVE-2022-47747.json | 56 ++++++++++++++++++++--- 2022/4xxx/CVE-2022-4894.json | 18 ++++++++ 2023/22xxx/CVE-2023-22306.json | 18 ++++++++ 2023/22xxx/CVE-2023-22659.json | 18 ++++++++ 2023/22xxx/CVE-2023-22964.json | 61 ++++++++++++++++++++++--- 14 files changed, 470 insertions(+), 47 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4894.json create mode 100644 2023/22xxx/CVE-2023-22306.json create mode 100644 2023/22xxx/CVE-2023-22659.json diff --git a/2021/26xxx/CVE-2021-26642.json b/2021/26xxx/CVE-2021-26642.json index 7585db72763..afdba910e66 100644 --- a/2021/26xxx/CVE-2021-26642.json +++ b/2021/26xxx/CVE-2021-26642.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XpressEngine file upload vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XE3 XpresesEngine", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_name": "3.0.14", + "version_value": "3.0.14" + } + ] + } + } + ] + }, + "vendor_name": "XEHub" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67125", + "name": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67125" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26644.json b/2021/26xxx/CVE-2021-26644.json index fc3c9788687..cb742b34bcc 100644 --- a/2021/26xxx/CVE-2021-26644.json +++ b/2021/26xxx/CVE-2021-26644.json 
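Review bot: The added `product_name` in CVE-2021-26642 is spelled `XE3 XpresesEngine`, which disagrees with the `TITLE` (`XpressEngine`) and the description in the same record. Tooling that matches advisories to inventory by product string will miss it, so I would write `"product_name": "XE3 XpressEngine"`. The description also says only "a remote attacker" while the vector carries `PR:L`; if the CNA scored it that way because an account is needed to upload, the text should say so. `"platform": "Windows"` looks unusual for a web bulletin-board package and is worth confirming against the KrCERT notice.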
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mangboard WP BASIC", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_name": "2.0.3", + "version_value": "2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Hometory" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67127", + "name": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67127" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25631.json b/2022/25xxx/CVE-2022-25631.json index ecc411ba78b..c81091c4402 100644 --- a/2022/25xxx/CVE-2022-25631.json +++ b/2022/25xxx/CVE-2022-25631.json 
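Review bot: The CVSS block added for CVE-2021-26644 scores `PR:N/UI:R`, but the description says neither what victim action is required nor how a SQL injection in the table-name input leads to code execution on the server, so the text and the vector cannot be checked against each other. With the problem type given as CWE-89, I would either describe the interaction step and the path to code execution in `description`, or have the assigner confirm whether `UI:N` is the intended value. This record also has no `TITLE` in `CVE_data_meta`, unlike CVE-2021-26642 from the same assigner in this commit.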
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection", + "version": { + "version_data": [ + { + "version_value": "14.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21165", + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21165" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated" } ] } diff --git a/2022/27xxx/CVE-2022-27915.json b/2022/27xxx/CVE-2022-27915.json index 1b34cfde895..8cdb59d0b86 100644 --- a/2022/27xxx/CVE-2022-27915.json +++ b/2022/27xxx/CVE-2022-27915.json 
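Review bot: The new `description.value` for CVE-2022-25631 stops mid-sentence at `to gain elevated`, so the published text never says what is gained; the rest of the sentence should be restored from the Broadcom advisory listed in `references`. The `affects` block is also looser than the description: `"version_value": "14.3"` has no `version_affected` operator although the text says builds prior to 14.3 RU6 (14.3.9210.6000) are affected, and `"vendor_name": "n/a"` sits next to a named Symantec product. A consumer that reads only `affects` cannot tell fixed 14.3 builds from vulnerable ones. The record's opening lines are outside this hunk.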
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-27915", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/27xxx/CVE-2022-27916.json b/2022/27xxx/CVE-2022-27916.json index 03c3449c1bf..1576b247af3 100644 --- a/2022/27xxx/CVE-2022-27916.json +++ b/2022/27xxx/CVE-2022-27916.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-27916", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/27xxx/CVE-2022-27917.json b/2022/27xxx/CVE-2022-27917.json index 2910b98b51d..0138d206980 100644 --- a/2022/27xxx/CVE-2022-27917.json +++ b/2022/27xxx/CVE-2022-27917.json 
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-27917", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/27xxx/CVE-2022-27918.json b/2022/27xxx/CVE-2022-27918.json index cfd999ab465..9bc857d236d 100644 --- a/2022/27xxx/CVE-2022-27918.json +++ b/2022/27xxx/CVE-2022-27918.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-27918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/43xxx/CVE-2022-43704.json b/2022/43xxx/CVE-2022-43704.json index 9ee86edcd42..552d4a78667 100644 --- a/2022/43xxx/CVE-2022-43704.json +++ b/2022/43xxx/CVE-2022-43704.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/" } ] } diff --git a/2022/47xxx/CVE-2022-47732.json b/2022/47xxx/CVE-2022-47732.json index 17972714838..c84b9e5250f 100644 
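Review bot: `affects` and `problemtype` are filled with `n/a` in CVE-2022-43704 even though the description names the vendor, model and firmware (Sinilink XY-WFT1, 1.3.6); the same holds for CVE-2022-47732, CVE-2022-47747 and CVE-2023-22964 later in this commit. Scanners and inventory matchers key on `vendor_name`, `product_name` and `version_value`, so these records will only be found by free-text search. I would populate them from the description, e.g. `"vendor_name": "Sinilink"`, `"product_name": "XY-WFT1 WiFi Remote Thermostat"`, `"version_value": "1.3.6"`. The `n/a` problem type should become a CWE; for this replay issue CWE-294 (Authentication Bypass by Capture-replay) looks like the fit, to be confirmed by the assigner.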
--- a/2022/47xxx/CVE-2022-47732.json +++ b/2022/47xxx/CVE-2022-47732.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47732", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47732", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.yeastar.com/n-series-analog-phone-system/", + "refsource": "MISC", + "name": "https://www.yeastar.com/n-series-analog-phone-system/" + }, + { + "refsource": "MISC", + "name": "https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/", + "url": "https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/" } ] } diff --git a/2022/47xxx/CVE-2022-47747.json b/2022/47xxx/CVE-2022-47747.json index f7c215db5de..2e06bc6c37d 100644 
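Review bot: The first reference added to CVE-2022-47732, `https://www.yeastar.com/n-series-analog-phone-system/`, is a product page that says nothing about the issue, and CVE-2023-22964 does the same with `https://manageengine.com`. A responder following the first link gets no affected-version or remediation information, so I would drop the generic entry or list it after the advisory URL that is already present in each record. The description here gives the affected lines as 42.x and 45.x with no fixed build; if the Swascan advisory names one, it belongs in the text.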
--- a/2022/47xxx/CVE-2022-47747.json +++ b/2022/47xxx/CVE-2022-47747.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47747", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47747", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uber/kraken/issues/333", + "refsource": "MISC", + "name": "https://github.com/uber/kraken/issues/333" } ] } diff --git a/2022/4xxx/CVE-2022-4894.json b/2022/4xxx/CVE-2022-4894.json new file mode 100644 index 00000000000..8e312f0b296 --- /dev/null +++ b/2022/4xxx/CVE-2022-4894.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22306.json b/2023/22xxx/CVE-2023-22306.json new file mode 100644 index 00000000000..4b6c90ab976 --- /dev/null +++ b/2023/22xxx/CVE-2023-22306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22659.json b/2023/22xxx/CVE-2023-22659.json new file mode 100644 index 00000000000..c223611983d --- /dev/null +++ b/2023/22xxx/CVE-2023-22659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/22xxx/CVE-2023-22964.json b/2023/22xxx/CVE-2023-22964.json index 56ca1536208..d9d72a113b1 100644 --- a/2023/22xxx/CVE-2023-22964.json +++ b/2023/22xxx/CVE-2023-22964.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22964", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-22964", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ServiceDesk Plus MSP through 13003 is vulnerable to authentication bypass due to the unsafe LDAP configuration (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://manageengine.com", + "refsource": "MISC", + "name": "https://manageengine.com" + }, + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html", + "url": "https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html" } ] }