diff --git a/2020/5xxx/CVE-2020-5953.json b/2020/5xxx/CVE-2020-5953.json
index 0297211ee45..93896161f86 100644
--- a/2020/5xxx/CVE-2020-5953.json
+++ b/2020/5xxx/CVE-2020-5953.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20220222-0005/",
+ "url": "https://security.netapp.com/advisory/ntap-20220222-0005/"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33625.json b/2021/33xxx/CVE-2021-33625.json
index 1f29a0c7158..c03c9309e5b 100644
--- a/2021/33xxx/CVE-2021-33625.json
+++ b/2021/33xxx/CVE-2021-33625.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20220222-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20220222-0004/"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33627.json b/2021/33xxx/CVE-2021-33627.json
index b770e786dbc..83127f8681c 100644
--- a/2021/33xxx/CVE-2021-33627.json
+++ b/2021/33xxx/CVE-2021-33627.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20220222-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20220222-0002/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39116.json b/2021/39xxx/CVE-2021-39116.json
index 368c3884aeb..2c2134581ea 100644
--- a/2021/39xxx/CVE-2021-39116.json
+++ b/2021/39xxx/CVE-2021-39116.json
@@ -1,88 +1,91 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2021-08-30T00:00:00",
- "ID": "CVE-2021-39116",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Jira Server",
- "version": {
- "version_data": [
- {
- "version_value": "8.13.14",
- "version_affected": "<"
- },
- {
- "version_value": "8.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "8.19.0",
- "version_affected": "<"
- }
- ]
- }
- },{
- "product_name": "Jira Data Center",
- "version": {
- "version_data": [
- {
- "version_value": "8.13.14",
- "version_affected": "<"
- },
- {
- "version_value": "8.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "8.19.0",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Denial of Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2021-08-30T00:00:00",
+ "ID": "CVE-2021-39116",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.13.14",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.19.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Jira Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.13.14",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.19.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://jira.atlassian.com/browse/JRASERVER-72738"
- }
- ]
- }
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-72738",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/JRASERVER-72738"
+ }
+ ]
+ }
 }
\ No newline at end of file
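Review bot: The `version_data` arrays for Jira Server and Jira Data Center still list each bound as an independent entry (`<` 8.13.14, `>=` 8.14.0, `<` 8.19.0), so nothing in the structured data ties the lower bound 8.14.0 to the upper bound 8.19.0. A consumer that evaluates the entries one at a time would read `< 8.19.0` as also covering the fixed 8.13.x releases from 8.13.14 on, and `>= 8.14.0` as open-ended, which contradicts the range stated in `description`. Since this commit already rewrites the whole record, the paired bounds could be tied together, for instance with a shared `version_name` on the 8.14.0 and 8.19.0 entries; until then scanners should take the range from the description text. The same applies to CVE-2021-41307.json (8.13.12 / 8.14.0 / 8.20.0).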
diff --git a/2021/41xxx/CVE-2021-41307.json b/2021/41xxx/CVE-2021-41307.json
index 7e0dff8d67d..7c477c0024c 100644
--- a/2021/41xxx/CVE-2021-41307.json
+++ b/2021/41xxx/CVE-2021-41307.json
@@ -1,88 +1,91 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2021-10-25T00:00:00",
- "ID": "CVE-2021-41307",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Jira Server",
- "version": {
- "version_data": [
- {
- "version_value": "8.13.12",
- "version_affected": "<"
- },
- {
- "version_value": "8.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "8.20.0",
- "version_affected": "<"
- }
- ]
- }
- },{
- "product_name": "Jira Data Center",
- "version": {
- "version_data": [
- {
- "version_value": "8.13.12",
- "version_affected": "<"
- },
- {
- "version_value": "8.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "8.20.0",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Insecure Direct Object References (IDOR)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2021-10-25T00:00:00",
+ "ID": "CVE-2021-41307",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jira Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.13.12",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.20.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Jira Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.13.12",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "8.14.0",
+ "version_affected": ">="
+ },
+ {
+ "version_value": "8.20.0",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://jira.atlassian.com/browse/JRASERVER-72916"
- }
- ]
- }
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object References (IDOR)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/JRASERVER-72916",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/JRASERVER-72916"
+ }
+ ]
+ }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41837.json b/2021/41xxx/CVE-2021-41837.json
index 003daf4e8bc..6e95eb0bd82 100644
--- a/2021/41xxx/CVE-2021-41837.json
+++ b/2021/41xxx/CVE-2021-41837.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20220222-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20220222-0003/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41838.json b/2021/41xxx/CVE-2021-41838.json
index 78a31290ce1..8b07d204fa0 100644
--- a/2021/41xxx/CVE-2021-41838.json
+++ b/2021/41xxx/CVE-2021-41838.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20220222-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20220222-0001/"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44730.json b/2021/44xxx/CVE-2021-44730.json
index 7fdae6ede54..e0ad2a6a0d8 100644
--- a/2021/44xxx/CVE-2021-44730.json
+++ b/2021/44xxx/CVE-2021-44730.json
@@ -103,6 +103,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5080",
 "url": "https://www.debian.org/security/2022/dsa-5080"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()",
+ "url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
 }
 ]
 },
diff --git a/2021/44xxx/CVE-2021-44731.json b/2021/44xxx/CVE-2021-44731.json
index 9b21595dac4..7f0a1d68072 100644
--- a/2021/44xxx/CVE-2021-44731.json
+++ b/2021/44xxx/CVE-2021-44731.json
@@ -103,6 +103,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-5080",
 "url": "https://www.debian.org/security/2022/dsa-5080"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()",
+ "url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()",
+ "url": "http://www.openwall.com/lists/oss-security/2022/02/23/2"
 }
 ]
 },
diff --git a/2021/4xxx/CVE-2021-4223.json b/2021/4xxx/CVE-2021-4223.json
new file mode 100644
index 00000000000..c2f898477b7
--- /dev/null
+++ b/2021/4xxx/CVE-2021-4223.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-4223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0717.json b/2022/0xxx/CVE-2022-0717.json
index de5bf515ec6..da3844ada71 100644
--- a/2022/0xxx/CVE-2022-0717.json
+++ b/2022/0xxx/CVE-2022-0717.json
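Review bot: The added oss-security references use `http://www.openwall.com/...` while every other URL in these hunks is https; the entry should read `"url": "https://www.openwall.com/lists/oss-security/2022/02/23/1"` so that readers following the advisory are not sent over plaintext. The same applies to both MLIST entries added to CVE-2021-44731.json, which also carry an identical `name` for two different URLs (`/23/1` and `/23/2`), so tooling that de-duplicates references by name would drop one of them. The entry added to CVE-2021-44730.json is titled for CVE-2021-44731, which is worth confirming as intended for that record.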
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0717",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Out-of-bounds Read in mruby/mruby"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mruby/mruby",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mruby"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
+ },
+ {
+ "name": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76",
+ "refsource": "MISC",
+ "url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "27a851a5-7ebf-409b-854f-b2614771e8f9",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0719.json b/2022/0xxx/CVE-2022-0719.json
index 81194e0c13f..014c8ec1167 100644
--- a/2022/0xxx/CVE-2022-0719.json
+++ b/2022/0xxx/CVE-2022-0719.json
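Review bot: The new `impact.cvss` block in CVE-2022-0717.json scores `confidentialityImpact` NONE and `integrityImpact` LOW (`C:N/I:L/A:H`) for a record whose `problemtype` is CWE-125 Out-of-bounds Read. A read primitive would usually show up under confidentiality or availability rather than integrity, so the vector looks worth confirming with the assigning CNA before it feeds prioritisation. CVE-2022-0719.json has a similar mismatch, with a reflected XSS (CWE-79) scored `S:U` and `A:H`. The one-sentence `description` values in both records name no affected component, so triage has to go to the linked fix commit to judge exposure.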
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0719",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Cross-site Scripting (XSS) - Reflected in microweber/microweber"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "microweber/microweber",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "microweber"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/bcdce15b-7f40-4971-a061-c25c6053c312"
+ },
+ {
+ "name": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a",
+ "refsource": "MISC",
+ "url": "https://github.com/microweber/microweber/commit/a5925f74d39775771d4c37c8d4c1acbb762fda0a"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "bcdce15b-7f40-4971-a061-c25c6053c312",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0721.json b/2022/0xxx/CVE-2022-0721.json
index 13259e4b832..dacbc64d6d3 100644
--- a/2022/0xxx/CVE-2022-0721.json
+++ b/2022/0xxx/CVE-2022-0721.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0721",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Insertion of Sensitive Information Into Debugging Code in microweber/microweber"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "microweber/microweber",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "microweber"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-215 Insertion of Sensitive Information Into Debugging Code"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/ae267d39-9750-4c69-be8b-4f915da089fb"
+ },
+ {
+ "name": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec",
+ "refsource": "MISC",
+ "url": "https://github.com/microweber/microweber/commit/b12e1a490c79460bff019f34b2e17112249b16ec"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ae267d39-9750-4c69-be8b-4f915da089fb",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0724.json b/2022/0xxx/CVE-2022-0724.json
index f33d70e5163..ca441dc23a6 100644
--- a/2022/0xxx/CVE-2022-0724.json
+++ b/2022/0xxx/CVE-2022-0724.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0724",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Insecure Storage of Sensitive Information in microweber/microweber"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "microweber/microweber",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "microweber"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-922 Insecure Storage of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
+ },
+ {
+ "name": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3",
+ "refsource": "MISC",
+ "url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0726.json b/2022/0xxx/CVE-2022-0726.json
index 764b7fdbc6a..d8a02eef3a1 100644
--- a/2022/0xxx/CVE-2022-0726.json
+++ b/2022/0xxx/CVE-2022-0726.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0726",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Improper Authorization in chocobozzz/peertube"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "chocobozzz/peertube",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "chocobozzz"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259",
+ "refsource": "MISC",
+ "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
+ },
+ {
+ "name": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "8928ab08-7fcb-475e-8da7-18e8412c1ac3",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0727.json b/2022/0xxx/CVE-2022-0727.json
index 349dd71a30b..2608deeb937 100644
--- a/2022/0xxx/CVE-2022-0727.json
+++ b/2022/0xxx/CVE-2022-0727.json
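Review bot: CVE-2022-0726.json and CVE-2022-0727.json point at the same fix commit (`6ea9295b8f5dd7cc254202a79aad61c666cc4259`), carry the same vector `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N` and the same affected range, and differ only in CWE (285 versus 284) and huntr advisory id. From the diff alone it is not possible to tell whether these are two distinct flaws fixed together or one issue reported twice. If it is the latter, one of the IDs should be rejected as a duplicate so that vulnerability counts for peertube are not inflated; if they are distinct, each `description` should say which check was missing so the records can be told apart.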
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0727",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Improper Access Control in chocobozzz/peertube"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "chocobozzz/peertube",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "chocobozzz"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
+ },
+ {
+ "name": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259",
+ "refsource": "MISC",
+ "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "d1faa10f-0640-480c-bb52-089adb351e6e",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0729.json b/2022/0xxx/CVE-2022-0729.json
index 17da1de16a1..466a43564ab 100644
--- a/2022/0xxx/CVE-2022-0729.json
+++ b/2022/0xxx/CVE-2022-0729.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0729",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Use of Out-of-range Pointer Offset in vim/vim"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "vim/vim",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.2.4440"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "vim"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-823 Use of Out-of-range Pointer Offset"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
+ },
+ {
+ "name": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30",
+ "refsource": "MISC",
+ "url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0734.json b/2022/0xxx/CVE-2022-0734.json
new file mode 100644
index 00000000000..198a94627e7
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0734.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0734",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0735.json b/2022/0xxx/CVE-2022-0735.json
new file mode 100644
index 00000000000..bb128598929
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0735.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0735",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0736.json b/2022/0xxx/CVE-2022-0736.json
index c59b9b1de9c..44040334ce4 100644
--- a/2022/0xxx/CVE-2022-0736.json
+++ b/2022/0xxx/CVE-2022-0736.json
@@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0736", - "STATE": "PUBLIC", - "TITLE": "Insecure Temporary File in mlflow/mlflow" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "mlflow/mlflow", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.23.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0736", + "STATE": "PUBLIC", + "TITLE": "Insecure Temporary File in mlflow/mlflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mlflow/mlflow", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.23.1" + } + ] + } + } + ] + }, + "vendor_name": "mlflow" } - } ] - }, - "vendor_name": "mlflow" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-377 Insecure Temporary File" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75" - }, - { - "name": "https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711", - "refsource": "MISC", - "url": "https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711" - } - ] - }, - "source": { - "advisory": "e5384764-c583-4dec-a1d8-4697f4e12f75", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377 Insecure Temporary File" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75" + }, + { + "name": "https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711", + "refsource": "MISC", + "url": "https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711" + } + ] + }, + "source": { + "advisory": "e5384764-c583-4dec-a1d8-4697f4e12f75", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0737.json b/2022/0xxx/CVE-2022-0737.json new file mode 100644 index 00000000000..cbbdfcd36ea --- /dev/null +++ b/2022/0xxx/CVE-2022-0737.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0737",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0738.json b/2022/0xxx/CVE-2022-0738.json
new file mode 100644
index 00000000000..b505c8ce9b4
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0738.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0738",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0739.json b/2022/0xxx/CVE-2022-0739.json
new file mode 100644
index 00000000000..bcd2a03ac1b
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0739.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0739",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0740.json b/2022/0xxx/CVE-2022-0740.json
new file mode 100644
index 00000000000..7f7587658c3
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0740.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0740",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0741.json b/2022/0xxx/CVE-2022-0741.json
new file mode 100644
index 00000000000..a15ac000b34
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0741.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0741",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0742.json b/2022/0xxx/CVE-2022-0742.json
new file mode 100644
index 00000000000..d8b56e21c3e
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0742.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21654.json b/2022/21xxx/CVE-2022-21654.json index 105caa91ffa..270b5923872 100644 --- a/2022/21xxx/CVE-2022-21654.json +++ b/2022/21xxx/CVE-2022-21654.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade.\n" + "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade." } ] }, diff --git a/2022/24xxx/CVE-2022-24407.json b/2022/24xxx/CVE-2022-24407.json index 6f030ed52c7..7d46c90dc90 100644 --- a/2022/24xxx/CVE-2022-24407.json +++ b/2022/24xxx/CVE-2022-24407.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24407", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24407", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28", + "refsource": "MISC", + "name": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst", + "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst" } ] } diff --git a/2022/24xxx/CVE-2022-24566.json b/2022/24xxx/CVE-2022-24566.json index 46e4ac09660..fc8148f599f 100644 --- a/2022/24xxx/CVE-2022-24566.json +++ b/2022/24xxx/CVE-2022-24566.json 
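Review bot: The `affects` block added for CVE-2022-24407 sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, while the new description names Cyrus SASL 2.1.17 through 2.1.27 and an unescaped password in a SQL INSERT or UPDATE statement. Tooling that matches on the structured fields rather than the free text will not tie this record to the product or to a weakness class. I would fill them from the description, e.g. `"product_name": "Cyrus SASL"` with `"version_value": "2.1.17 through 2.1.27"`, and a problemtype such as `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` if the assigner confirms that class. The same `n/a` pattern is in the hunks for CVE-2022-24566, CVE-2022-24620, CVE-2022-25072, CVE-2022-25643 and CVE-2022-25809.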
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24566", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24566", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://checkmk.com/werk/13717", + "refsource": "MISC", + "name": "https://checkmk.com/werk/13717" } ] } diff --git a/2022/24xxx/CVE-2022-24620.json b/2022/24xxx/CVE-2022-24620.json index 6afff02f0d1..8b5801e49e9 100644 --- a/2022/24xxx/CVE-2022-24620.json +++ b/2022/24xxx/CVE-2022-24620.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24620", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24620", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Piwigo/Piwigo/issues/1605", + "refsource": "MISC", + "name": "https://github.com/Piwigo/Piwigo/issues/1605" } ] } diff --git a/2022/25xxx/CVE-2022-25072.json b/2022/25xxx/CVE-2022-25072.json index e8a45c4cbe2..9c9ea165862 100644 --- a/2022/25xxx/CVE-2022-25072.json +++ b/2022/25xxx/CVE-2022-25072.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25072", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/Archer%20A54", + "refsource": "MISC", + "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/Archer%20A54" } ] } diff --git a/2022/25xxx/CVE-2022-25235.json b/2022/25xxx/CVE-2022-25235.json index 3e033530889..35682ab9318 100644 --- a/2022/25xxx/CVE-2022-25235.json +++ b/2022/25xxx/CVE-2022-25235.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5085", + "url": "https://www.debian.org/security/2022/dsa-5085" } ] } 
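Review bot: In the CVE-2022-25072 description the function name is written `DM_ Fillobjbystr()` with a space after the underscore, and the model appears twice in a row in `TP-Link Archer A54 Archer A54(US)_V1_210111`; both look like paste artifacts. Anyone searching the record for the identifier without the space will miss it. If the referenced advisory spells it without the space, the value should read `DM_Fillobjbystr()`, with the model given once followed by the firmware string.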
diff --git a/2022/25xxx/CVE-2022-25236.json b/2022/25xxx/CVE-2022-25236.json index 92b6b1b0dc1..8b1e81691aa 100644 --- a/2022/25xxx/CVE-2022-25236.json +++ b/2022/25xxx/CVE-2022-25236.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5085", + "url": "https://www.debian.org/security/2022/dsa-5085" } ] } diff --git a/2022/25xxx/CVE-2022-25313.json b/2022/25xxx/CVE-2022-25313.json index 7c28fb21bd6..401a2ad39c3 100644 --- a/2022/25xxx/CVE-2022-25313.json +++ b/2022/25xxx/CVE-2022-25313.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5085", + "url": "https://www.debian.org/security/2022/dsa-5085" } ] } diff --git a/2022/25xxx/CVE-2022-25314.json b/2022/25xxx/CVE-2022-25314.json index 3a25aae7673..41489c37d5f 100644 --- a/2022/25xxx/CVE-2022-25314.json +++ b/2022/25xxx/CVE-2022-25314.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5085", + "url": "https://www.debian.org/security/2022/dsa-5085" } ] } diff --git a/2022/25xxx/CVE-2022-25315.json b/2022/25xxx/CVE-2022-25315.json index acb7a565511..e09e125dada 100644 --- a/2022/25xxx/CVE-2022-25315.json +++ b/2022/25xxx/CVE-2022-25315.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5085", + "url": "https://www.debian.org/security/2022/dsa-5085" } ] } 
diff --git a/2022/25xxx/CVE-2022-25643.json b/2022/25xxx/CVE-2022-25643.json index 835e8f04b99..5974716181b 100644 --- a/2022/25xxx/CVE-2022-25643.json +++ b/2022/25xxx/CVE-2022-25643.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-25643", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-25643", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kennylevinsen/seatd/tags", + "refsource": "MISC", + "name": "https://github.com/kennylevinsen/seatd/tags" + }, + { + "url": "https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4", + "refsource": "MISC", + "name": "https://github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4" + }, + { + "refsource": "MISC", + "name": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E", + "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E" } ] } 
diff --git a/2022/25xxx/CVE-2022-25657.json b/2022/25xxx/CVE-2022-25657.json
new file mode 100644
index 00000000000..94c983da5ee
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25657.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25657",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25675.json b/2022/25xxx/CVE-2022-25675.json
new file mode 100644
index 00000000000..931933b7c76
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25675.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25675",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25709.json b/2022/25xxx/CVE-2022-25709.json
new file mode 100644
index 00000000000..f91f0abeabd
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25709.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25709",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25800.json b/2022/25xxx/CVE-2022-25800.json
new file mode 100644
index 00000000000..10591a2b61f
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25800.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25801.json b/2022/25xxx/CVE-2022-25801.json
new file mode 100644
index 00000000000..b45ef8c2ce1
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25801.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25801",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25802.json b/2022/25xxx/CVE-2022-25802.json
new file mode 100644
index 00000000000..6a09b8265c2
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25802.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25803.json b/2022/25xxx/CVE-2022-25803.json
new file mode 100644
index 00000000000..fcd9c5d6f82
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25803.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25803",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25804.json b/2022/25xxx/CVE-2022-25804.json
new file mode 100644
index 00000000000..c9bde4c9561
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25804.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25805.json b/2022/25xxx/CVE-2022-25805.json
new file mode 100644
index 00000000000..7f99e10954f
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25806.json b/2022/25xxx/CVE-2022-25806.json
new file mode 100644
index 00000000000..cdbeb173b8c
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25807.json b/2022/25xxx/CVE-2022-25807.json
new file mode 100644
index 00000000000..843eb16b31c
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25807.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25808.json b/2022/25xxx/CVE-2022-25808.json
new file mode 100644
index 00000000000..a642e652625
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25808.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25808",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25809.json b/2022/25xxx/CVE-2022-25809.json
new file mode 100644
index 00000000000..dd5a8cee360
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25809.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2022-25809",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an \"Alexa versus Alexa (AvA)\" attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://arxiv.org/abs/2202.08619",
+ "refsource": "MISC",
+ "name": "https://arxiv.org/abs/2202.08619"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25810.json b/2022/25xxx/CVE-2022-25810.json
new file mode 100644
index 00000000000..0889f68c325
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25810.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25810",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25811.json b/2022/25xxx/CVE-2022-25811.json
new file mode 100644
index 00000000000..6c3a58c30d6
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25811.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25811",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25812.json b/2022/25xxx/CVE-2022-25812.json
new file mode 100644
index 00000000000..0773733e67e
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25812.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25812",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25813.json b/2022/25xxx/CVE-2022-25813.json
new file mode 100644
index 00000000000..6e24aef3dd3
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25813.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25813",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file