diff --git a/2021/30xxx/CVE-2021-30860.json b/2021/30xxx/CVE-2021-30860.json index 67973a002b6..9c2eca5ed4e 100644 --- a/2021/30xxx/CVE-2021-30860.json +++ b/2021/30xxx/CVE-2021-30860.json @@ -142,6 +142,11 @@ "refsource": "FULLDISC", "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "url": "http://seclists.org/fulldisclosure/2021/Sep/50" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", + "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" } ] }, diff --git a/2022/31xxx/CVE-2022-31152.json b/2022/31xxx/CVE-2022-31152.json index b6df5721aa8..017e71754a0 100644 --- a/2022/31xxx/CVE-2022-31152.json +++ b/2022/31xxx/CVE-2022-31152.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room.\n\nIn versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround." + "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround." } ] }, diff --git a/2022/36xxx/CVE-2022-36638.json b/2022/36xxx/CVE-2022-36638.json index 10751aac3cc..1e6f63ed645 100644 --- a/2022/36xxx/CVE-2022-36638.json +++ b/2022/36xxx/CVE-2022-36638.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36638", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36638", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/", + "refsource": "MISC", + "name": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/" + }, + { + "url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html" } ] } diff --git a/2022/36xxx/CVE-2022-36639.json b/2022/36xxx/CVE-2022-36639.json index 5c1493ed5a4..35309de56d3 100644 --- a/2022/36xxx/CVE-2022-36639.json +++ b/2022/36xxx/CVE-2022-36639.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36639", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36639", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/", + "refsource": "MISC", + "name": "https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/" + }, + { + "url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html" } ] } diff --git a/2022/36xxx/CVE-2022-36640.json b/2022/36xxx/CVE-2022-36640.json index bf08bacc0e6..cf0bb559d90 100644 --- a/2022/36xxx/CVE-2022-36640.json +++ b/2022/36xxx/CVE-2022-36640.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36640", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36640", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://influxdata.com", + "refsource": "MISC", + "name": "http://influxdata.com" + }, + { + "url": "http://influxdb.com", + "refsource": "MISC", + "name": "http://influxdb.com" + }, + { + "url": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx", + "refsource": "MISC", + "name": "http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx" + }, + { + "url": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb", + "refsource": "MISC", + "name": "https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb" + }, + { + "url": "https://portal.influxdata.com/downloads/", + "refsource": "MISC", + "name": "https://portal.influxdata.com/downloads/" + }, + { + "url": "https://www.influxdata.com/", + "refsource": "MISC", + "name": "https://www.influxdata.com/" } ] } diff --git a/2022/38xxx/CVE-2022-38171.json b/2022/38xxx/CVE-2022-38171.json index 71c3d803dc3..5f6e596736a 100644 --- a/2022/38xxx/CVE-2022-38171.json +++ b/2022/38xxx/CVE-2022-38171.json @@ -90,6 +90,11 @@ "refsource": "MISC", "name": "https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6", "url": "https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", + "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" } ] }, diff --git a/2022/38xxx/CVE-2022-38784.json b/2022/38xxx/CVE-2022-38784.json index 906b7cb01d4..445ce9bdb56 100644 --- a/2022/38xxx/CVE-2022-38784.json +++ b/2022/38xxx/CVE-2022-38784.json @@ -80,6 +80,11 @@ "name": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52", "refsource": "CONFIRM", "url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", + "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" } ] }, diff --git a/2022/3xxx/CVE-2022-3101.json b/2022/3xxx/CVE-2022-3101.json new file mode 100644 index 00000000000..a42f5f04751 --- /dev/null +++ b/2022/3xxx/CVE-2022-3101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file