From ede8cc469d6db5341d9bcf8e4ea76976986cb671 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 28 Mar 2022 01:01:18 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/26xxx/CVE-2021-26598.json | 71 +++++++++++++++++++++++++++++++---
 2021/26xxx/CVE-2021-26599.json | 71 +++++++++++++++++++++++++++++++---
 2021/26xxx/CVE-2021-26600.json | 71 +++++++++++++++++++++++++++++++---
 2021/26xxx/CVE-2021-26601.json | 71 +++++++++++++++++++++++++++++++---
 2021/44xxx/CVE-2021-44208.json | 61 ++++++++++++++++++++++++++---
 2021/44xxx/CVE-2021-44209.json | 61 ++++++++++++++++++++++++++---
 2021/44xxx/CVE-2021-44210.json | 61 ++++++++++++++++++++++++++---
 2021/44xxx/CVE-2021-44211.json | 61 ++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26259.json | 61 ++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26268.json | 56 ++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26271.json | 56 ++++++++++++++++++++++++---
 11 files changed, 635 insertions(+), 66 deletions(-)
diff --git a/2021/26xxx/CVE-2021-26598.json b/2021/26xxx/CVE-2021-26598.json
index e449a7d8877..32f0d33457c 100644
--- a/2021/26xxx/CVE-2021-26598.json
+++ b/2021/26xxx/CVE-2021-26598.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26598",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26598",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/1081137",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1081137"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/166403/ImpressCMS-1.4.2-Incorrect-Access-Control.html",
+ "url": "https://packetstormsecurity.com/files/166403/ImpressCMS-1.4.2-Incorrect-Access-Control.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://karmainsecurity.com/KIS-2022-03",
+ "url": "http://karmainsecurity.com/KIS-2022-03"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2022/Mar/45",
+ "url": "http://seclists.org/fulldisclosure/2022/Mar/45"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26599.json b/2021/26xxx/CVE-2021-26599.json
index 06f121c0a49..b08551ca6d6 100644
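Review bot: The added `affects` block in CVE-2021-26598 is all placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) and `problemtype` is `"n/a"` as well, although the description names ImpressCMS before 1.4.3 and an access-control flaw. Inventory and scanner tooling that matches on the structured fields rather than the free text has nothing to match, so exposure only becomes visible to someone who reads the sentence. I would fill the fields from the description, e.g. `"product_name": "ImpressCMS"` and `"version_value": "before 1.4.3"`, and give the weakness a CWE label (CWE-284 looks like the fit, to be confirmed). The same placeholders appear in the other ten records in this commit.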
--- a/2021/26xxx/CVE-2021-26599.json
+++ b/2021/26xxx/CVE-2021-26599.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26599",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26599",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/1081145",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1081145"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2022/Mar/46",
+ "url": "http://seclists.org/fulldisclosure/2022/Mar/46"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://karmainsecurity.com/KIS-2022-04",
+ "url": "http://karmainsecurity.com/KIS-2022-04"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26600.json b/2021/26xxx/CVE-2021-26600.json
index b60b7f0bdd4..41e7c622e7c 100644
--- a/2021/26xxx/CVE-2021-26600.json
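Review bot: The Packet Storm reference added to CVE-2021-26599 is recorded over plain HTTP (`http://packetstormsecurity.com/files/166404/…`), while the CVE-2021-26598 record in this same commit uses `https://` for that host. Advisory links are followed by people triaging the issue, and a cleartext fetch can be altered in transit, so I would normalise to `"url": "https://packetstormsecurity.com/files/166404/ImpressCMS-1.4.2-SQL-Injection.html"` with a matching `name`. The same `http://` Packet Storm form is used in CVE-2021-26600, CVE-2021-26601 and CVE-2021-44208 through CVE-2021-44211. The `http://seclists.org` and `http://karmainsecurity.com` entries are worth checking for HTTPS equivalents too.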
+++ b/2021/26xxx/CVE-2021-26600.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26600",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26600",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/1081986",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1081986"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2022/Mar/43",
+ "url": "http://seclists.org/fulldisclosure/2022/Mar/43"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://karmainsecurity.com/KIS-2022-01",
+ "url": "http://karmainsecurity.com/KIS-2022-01"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26601.json b/2021/26xxx/CVE-2021-26601.json
index fa184dc664e..00cbcc56874 100644
--- a/2021/26xxx/CVE-2021-26601.json
+++ b/2021/26xxx/CVE-2021-26601.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26601",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26601",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/1081878",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1081878"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166402/ImpressCMS-1.4.2-Path-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/166402/ImpressCMS-1.4.2-Path-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2022/Mar/44",
+ "url": "http://seclists.org/fulldisclosure/2022/Mar/44"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://karmainsecurity.com/KIS-2022-02",
+ "url": "http://karmainsecurity.com/KIS-2022-02"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44208.json b/2021/44xxx/CVE-2021-44208.json
index 8e78941fd07..d75eca3e545 100644
--- a/2021/44xxx/CVE-2021-44208.json
+++ b/2021/44xxx/CVE-2021-44208.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44208",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44208",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://open-xchange.com",
+ "refsource": "MISC",
+ "name": "https://open-xchange.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44209.json b/2021/44xxx/CVE-2021-44209.json
index a511f2bae02..4aa5cb8652d 100644
--- a/2021/44xxx/CVE-2021-44209.json
+++ b/2021/44xxx/CVE-2021-44209.json
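Review bot: The first reference added to CVE-2021-44208, `"url": "https://open-xchange.com"`, is the vendor's home page rather than an advisory or release note, so the record offers no vendor-side source for which build contains the fix; the description only bounds the issue as "through 7.10.5". I would replace it with the specific advisory link (not visible on this page, so shown here as a placeholder: `"url": "<vendor advisory URL>"`). CVE-2021-44209, CVE-2021-44210 and CVE-2021-44211 carry the identical pair of references, so the four XSS entries can only be told apart by their description text.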
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44209",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44209",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://open-xchange.com",
+ "refsource": "MISC",
+ "name": "https://open-xchange.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44210.json b/2021/44xxx/CVE-2021-44210.json
index 0009bcb0de4..095456b0f1f 100644
--- a/2021/44xxx/CVE-2021-44210.json
+++ b/2021/44xxx/CVE-2021-44210.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44210",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44210",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://open-xchange.com",
+ "refsource": "MISC",
+ "name": "https://open-xchange.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44211.json b/2021/44xxx/CVE-2021-44211.json
index 54be4ea4092..0361f6f2f8a 100644
--- a/2021/44xxx/CVE-2021-44211.json
+++ b/2021/44xxx/CVE-2021-44211.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44211",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44211",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://open-xchange.com",
+ "refsource": "MISC",
+ "name": "https://open-xchange.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/166389/OX-App-Suite-7.10.5-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26259.json b/2022/26xxx/CVE-2022-26259.json
index 806d1651ae2..6df29183fe8 100644
--- a/2022/26xxx/CVE-2022-26259.json
+++ b/2022/26xxx/CVE-2022-26259.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26259",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26259",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2",
+ "refsource": "MISC",
+ "name": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2"
+ },
+ {
+ "url": "https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/",
+ "refsource": "MISC",
+ "name": "https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26268.json b/2022/26xxx/CVE-2022-26268.json
index f695c2fdab3..6bad5930d7e 100644
--- a/2022/26xxx/CVE-2022-26268.json
+++ b/2022/26xxx/CVE-2022-26268.json
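Review bot: The new description for CVE-2022-26259 has two wording slips that hurt searchability: "buffer over flow" should read "buffer overflow", and "RSTP request" is probably meant to be "RTSP request" (to be confirmed against the linked vendor notice). A defender filtering advisories on "buffer overflow" or "RTSP" will not find this record as written. Proposed text: `"value": "A buffer overflow in Xiongmai DVR devices … via a crafted RTSP request."` with the model list unchanged. The ten affected model numbers also exist only in this sentence, since `product_name` is `"n/a"`, so asset matching has to parse the prose.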
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26268",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26268",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/hiliqi/xiaohuanxiong/issues/33",
+ "refsource": "MISC",
+ "name": "https://github.com/hiliqi/xiaohuanxiong/issues/33"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26271.json b/2022/26xxx/CVE-2022-26271.json
index 58cd596d460..26e2b51f68d 100644
--- a/2022/26xxx/CVE-2022-26271.json
+++ b/2022/26xxx/CVE-2022-26271.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26271",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26271",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \\index\\controller\\Download.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/N1ce759/74cmsSE-Arbitrary-File-Reading/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/N1ce759/74cmsSE-Arbitrary-File-Reading/issues/1"
 }
 ]
 }
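Review bot: The affected file in the CVE-2022-26271 description is written with escaped backslashes, `\\index\\controller\\Download.php`, whereas the CVE-2022-26268 record in this commit uses forward slashes (`/app/controller/Books.php`). Anyone grepping a source tree or WAF logs for the path from the advisory has to guess the separator, and the doubled escapes are easy to mangle when the string is copied between JSON and other formats. I would write it as `/index/controller/Download.php` for consistency. It is also unclear from the text whether `$url` is the request parameter name or a PHP variable, which is worth stating explicitly.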