From e46f1ea5915eeaa464d9d565d25fc5b7079367a6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 17 Feb 2022 16:01:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/28xxx/CVE-2020-28885.json | 2 +-
 2021/44xxx/CVE-2021-44868.json | 56 ++++++++++++++++++++++++++++++----
 2022/0xxx/CVE-2022-0667.json | 18 +++++++++++
 2022/0xxx/CVE-2022-0668.json | 18 +++++++++++
 2022/20xxx/CVE-2022-20653.json | 4 +--
 2022/20xxx/CVE-2022-20659.json | 4 +--
 2022/20xxx/CVE-2022-20750.json | 4 +--
 2022/25xxx/CVE-2022-25308.json | 18 +++++++++++
 2022/25xxx/CVE-2022-25309.json | 18 +++++++++++
 2022/25xxx/CVE-2022-25310.json | 18 +++++++++++
 10 files changed, 147 insertions(+), 13 deletions(-)
 create mode 100644 2022/0xxx/CVE-2022-0667.json
 create mode 100644 2022/0xxx/CVE-2022-0668.json
 create mode 100644 2022/25xxx/CVE-2022-25308.json
 create mode 100644 2022/25xxx/CVE-2022-25309.json
 create mode 100644 2022/25xxx/CVE-2022-25310.json
diff --git a/2020/28xxx/CVE-2020-28885.json b/2020/28xxx/CVE-2020-28885.json
index 90f79e23c79..82ba530d64f 100644
--- a/2020/28xxx/CVE-2020-28885.json
+++ b/2020/28xxx/CVE-2020-28885.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever."
+ "value": "** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design flaw"
 }
 ]
 },
diff --git a/2021/44xxx/CVE-2021-44868.json b/2021/44xxx/CVE-2021-44868.json
index 1653a76a16a..4895535e37b 100644
--- a/2021/44xxx/CVE-2021-44868.json
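Review bot: The rewritten `value` in the CVE-2020-28885.json hunk carries over the misspelling `Liferay Portal Sever` from the old text, and the appended NOTE sentence ends without a period. Since the line is being replaced anyway, it could end `...on the Liferay Portal Server. NOTE: The developer disputes this as a vulnerability ... and therefore not a design flaw.` The dispute is expressed only as the `** DISPUTED **` prefix inside the free-text description in the visible lines; the rest of the record lies outside the hunk, so whether any structured field also reflects it cannot be confirmed from here.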
+++ b/2021/44xxx/CVE-2021-44868.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44868",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44868",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ming-soft/MCMS/issues/58",
+ "refsource": "MISC",
+ "name": "https://github.com/ming-soft/MCMS/issues/58"
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0667.json b/2022/0xxx/CVE-2022-0667.json
new file mode 100644
index 00000000000..70a345aa4ba
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0667.json
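Review bot: In the CVE-2021-44868.json hunk the record moves to `"STATE": "PUBLIC"` while every structured field is left as `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the new description names ming-soft MCMS v5.1 and a SQL injection in `/ms/cms/content/list.do`. Tooling that matches advisories by vendor/product or by weakness class cannot pick this entry up from those fields and has to fall back on parsing the free text. Populating them from the description, e.g. `"vendor_name": "ming-soft"`, `"product_name": "MCMS"`, `"version_value": "5.1"` and a problemtype `"value": "CWE-89"`, would make the record matchable; the exact affected-version range should be confirmed against the referenced issue before it is filled in.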
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0667",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0668.json b/2022/0xxx/CVE-2022-0668.json
new file mode 100644
index 00000000000..c099d2b493e
--- /dev/null
+++ b/2022/0xxx/CVE-2022-0668.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-0668",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20653.json b/2022/20xxx/CVE-2022-20653.json
index 5fc147c376e..2ed808e98f1 100644
--- a/2022/20xxx/CVE-2022-20653.json
+++ b/2022/20xxx/CVE-2022-20653.json
@@ -36,7 +36,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\r A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.\r "
+ "value": "A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition."
 }
 ]
 },
@@ -83,4 +83,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20659.json b/2022/20xxx/CVE-2022-20659.json
index 2aba918b61f..b88a40991f0 100644
--- a/2022/20xxx/CVE-2022-20659.json
+++ b/2022/20xxx/CVE-2022-20659.json
@@ -36,7 +36,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\r A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r "
+ "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20750.json b/2022/20xxx/CVE-2022-20750.json
index 38dd1f1f979..ed932f51835 100644
--- a/2022/20xxx/CVE-2022-20750.json
+++ b/2022/20xxx/CVE-2022-20750.json
@@ -36,7 +36,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\r A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data.\r This vulnerability is due to improper input validation of an ingress TCP packet. An attacker could exploit this vulnerability by sending crafted TCP data to the affected application. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the checkpoint manager process restarting.\r "
+ "value": "A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to improper input validation of an ingress TCP packet. An attacker could exploit this vulnerability by sending crafted TCP data to the affected application. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the checkpoint manager process restarting."
 }
 ]
 },
@@ -83,4 +83,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25308.json b/2022/25xxx/CVE-2022-25308.json
new file mode 100644
index 00000000000..189e739ca33
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25308.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25308",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25309.json b/2022/25xxx/CVE-2022-25309.json
new file mode 100644
index 00000000000..5dc47a17bbc
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25309.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25309",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/25xxx/CVE-2022-25310.json b/2022/25xxx/CVE-2022-25310.json
new file mode 100644
index 00000000000..87498b08f5a
--- /dev/null
+++ b/2022/25xxx/CVE-2022-25310.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-25310",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file