diff --git a/2021/36xxx/CVE-2021-36905.json b/2021/36xxx/CVE-2021-36905.json
index 919c92f6619..6e0563fa4d8 100644
--- a/2021/36xxx/CVE-2021-36905.json
+++ b/2021/36xxx/CVE-2021-36905.json
@@ -1,18 +1,105 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-10-21T10:28:00.000Z",
"ID": "CVE-2021-36905",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Quiz And Survey Master (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 7.3.4",
+ "version_value": "7.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ExpressTech"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Vlad Vector (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/quiz-master-next/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/quiz-master-next/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-4-multiple-auth-stored-cross-site-scripting-xss-vulnerabilities?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 7.3.5 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20427.json b/2022/20xxx/CVE-2022-20427.json
index a6267d1173e..c364682e1cf 100644
--- a/2022/20xxx/CVE-2022-20427.json
+++ b/2022/20xxx/CVE-2022-20427.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20427",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2022-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2022-11-01"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A"
}
]
}
diff --git a/2022/20xxx/CVE-2022-20428.json b/2022/20xxx/CVE-2022-20428.json
index 668c638d396..ae754b1c1a4 100644
--- a/2022/20xxx/CVE-2022-20428.json
+++ b/2022/20xxx/CVE-2022-20428.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20428",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2022-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2022-11-01"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411References: N/A"
}
]
}
diff --git a/2022/20xxx/CVE-2022-20459.json b/2022/20xxx/CVE-2022-20459.json
index 30056c8e67d..050e138aa22 100644
--- a/2022/20xxx/CVE-2022-20459.json
+++ b/2022/20xxx/CVE-2022-20459.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20459",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2022-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2022-11-01"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239556260References: N/A"
}
]
}
diff --git a/2022/20xxx/CVE-2022-20460.json b/2022/20xxx/CVE-2022-20460.json
index 8c6e48600a5..1ebd1ece175 100644
--- a/2022/20xxx/CVE-2022-20460.json
+++ b/2022/20xxx/CVE-2022-20460.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20460",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2022-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2022-11-01"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239557547References: N/A"
}
]
}
diff --git a/2022/23xxx/CVE-2022-23748.json b/2022/23xxx/CVE-2022-23748.json
index 58024904ea0..17b6510b108 100644
--- a/2022/23xxx/CVE-2022-23748.json
+++ b/2022/23xxx/CVE-2022-23748.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23748",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Audinate Dante Discovery, Zoom Rooms",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to and including 1.3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-114: Process Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/",
+ "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files."
}
]
}
diff --git a/2022/28xxx/CVE-2022-28766.json b/2022/28xxx/CVE-2022-28766.json
index 4b1fbf26fb0..68932149ef5 100644
--- a/2022/28xxx/CVE-2022-28766.json
+++ b/2022/28xxx/CVE-2022-28766.json
@@ -1,18 +1,109 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "security@zoom.us",
+ "DATE_PUBLIC": "2022-11-15",
"ID": "CVE-2022-28766",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "DLL injection in Zoom Windows Clients"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Client for Meetings for Windows (32-bit)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.12.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom VDI Windows Meeting Client for Windows (32-bit)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.12.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Zoom Rooms for Conference Room for Windows (32-bit)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.12.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Zoom Video Communications Inc"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
+ "name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/28xxx/CVE-2022-28768.json b/2022/28xxx/CVE-2022-28768.json
index c8cbaa1fbdf..3ef1dd7d289 100644
--- a/2022/28xxx/CVE-2022-28768.json
+++ b/2022/28xxx/CVE-2022-28768.json
@@ -1,18 +1,87 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "security@zoom.us",
+ "DATE_PUBLIC": "2022-11-15",
"ID": "CVE-2022-28768",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Local Privilege Escalation in Zoom Client Installer for macOS"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Client for Meetings Installer for macOS (Standard and for IT Admin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.12.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Zoom Video Communications Inc"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-689: Permission Race Condition During Resource Copy"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
+ "name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/36xxx/CVE-2022-36357.json b/2022/36xxx/CVE-2022-36357.json
index 34ac6bcd49a..ee99781b49d 100644
--- a/2022/36xxx/CVE-2022-36357.json
+++ b/2022/36xxx/CVE-2022-36357.json
@@ -1,18 +1,94 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T14:44:00.000Z",
"ID": "CVE-2022-36357",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ULTIMATE TABLES (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.6.5",
+ "version_value": "1.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Webpsilon"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/ultimate-tables/wordpress-ultimate-tables-plugin-1-6-5-unauth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/ultimate-tables/wordpress-ultimate-tables-plugin-1-6-5-unauth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/36xxx/CVE-2022-36784.json b/2022/36xxx/CVE-2022-36784.json
index 70578a90f3e..e518dbc0d36 100644
--- a/2022/36xxx/CVE-2022-36784.json
+++ b/2022/36xxx/CVE-2022-36784.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36784",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elsight \u2013 Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution (RCE)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elsight",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elsight Halo ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.6.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0055",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nUpdate to version 10.6.1\n\n
"
+ }
+ ],
+ "value": "\nUpdate to version 10.6.1\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dudu Moyal ,Moriel Harush"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/36xxx/CVE-2022-36785.json b/2022/36xxx/CVE-2022-36785.json
index 6b320877d8b..ea7c2dbec7b 100644
--- a/2022/36xxx/CVE-2022-36785.json
+++ b/2022/36xxx/CVE-2022-36785.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36785",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure \u2013 file contains a URL with private IP at line 15 \"login.asp\" A. The window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ; \"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at *Authorization Bypass \u2013 URL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure & Authorization Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "G integrated Access Device4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0056",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "MetaData"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/36xxx/CVE-2022-36786.json b/2022/36xxx/CVE-2022-36786.json
index 522130288ba..01e58458c52 100644
--- a/2022/36xxx/CVE-2022-36786.json
+++ b/2022/36xxx/CVE-2022-36786.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36786",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Post-auth PCE"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSL-224",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0057",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nerya Zadkani"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/36xxx/CVE-2022-36787.json b/2022/36xxx/CVE-2022-36787.json
index c906cbe0121..9371b527456 100644
--- a/2022/36xxx/CVE-2022-36787.json
+++ b/2022/36xxx/CVE-2022-36787.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36787",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter \" DocNumber\" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Webvendome",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Webvendome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0058",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nUpdate to the latest version.\n\n"
+ }
+ ],
+ "value": "\nUpdate to the latest version.\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dudu Moyal , Moriel Harush , Gad Abuhatziera - Sophtix Security LTD."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2022/36xxx/CVE-2022-36924.json b/2022/36xxx/CVE-2022-36924.json
index 8ad696d345d..36883692da3 100644
--- a/2022/36xxx/CVE-2022-36924.json
+++ b/2022/36xxx/CVE-2022-36924.json
@@ -1,18 +1,87 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "security@zoom.us",
+ "DATE_PUBLIC": "2022-11-15",
"ID": "CVE-2022-36924",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Local Privilege Escalation in Zoom Rooms Installer for Windows"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Rooms Installer for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.12.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Zoom Video Communications Inc"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427: Uncontrolled Search Path Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
+ "name": "https://explore.zoom.us/en/trust/security/security-bulletin/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/38xxx/CVE-2022-38165.json b/2022/38xxx/CVE-2022-38165.json
index 3a15c43d11a..9e61f2e3175 100644
--- a/2022/38xxx/CVE-2022-38165.json
+++ b/2022/38xxx/CVE-2022-38165.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-38165",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-38165",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 4 of 5)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.withsecure.com/en/support/security-advisories/cve-2022-38165",
+ "url": "https://www.withsecure.com/en/support/security-advisories/cve-2022-38165"
}
]
}
diff --git a/2022/39xxx/CVE-2022-39178.json b/2022/39xxx/CVE-2022-39178.json
index 76b5c7e6f0b..b624a430cb3 100644
--- a/2022/39xxx/CVE-2022-39178.json
+++ b/2022/39xxx/CVE-2022-39178.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39178",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Internal Server IP Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Webvendome",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Webvendome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0059",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nUpdate to the latest version.\n\n"
+ }
+ ],
+ "value": "\nUpdate to the latest version.\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dudu Moyal , Moriel Harush , Gad Abuhatziera - Sophtix Security LTD."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2022/39xxx/CVE-2022-39179.json b/2022/39xxx/CVE-2022-39179.json
index 61286ef2401..963abbdcba7 100644
--- a/2022/39xxx/CVE-2022-39179.json
+++ b/2022/39xxx/CVE-2022-39179.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39179",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated remote code execution."
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "College Management System v1.0",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "College Management System v1.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0060",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Liav Gutman"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/39xxx/CVE-2022-39180.json b/2022/39xxx/CVE-2022-39180.json
index af231895d95..c7e7175505f 100644
--- a/2022/39xxx/CVE-2022-39180.json
+++ b/2022/39xxx/CVE-2022-39180.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39180",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "College Management System v1.0",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "College Management System v1.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0061",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Liav Gutman"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/39xxx/CVE-2022-39181.json b/2022/39xxx/CVE-2022-39181.json
index e17b70a7fd6..338134c8fd6 100644
--- a/2022/39xxx/CVE-2022-39181.json
+++ b/2022/39xxx/CVE-2022-39181.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39181",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cyber.gov.il",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GLPI",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reports plugin for GLPI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "refsource": "MISC",
+ "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ILVN-2022-0062",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Moriel Harush, Dudu Moyal - EY \u2013 Hacktics."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/40xxx/CVE-2022-40192.json b/2022/40xxx/CVE-2022-40192.json
index 120cb36a071..e3f314a6cdd 100644
--- a/2022/40xxx/CVE-2022-40192.json
+++ b/2022/40xxx/CVE-2022-40192.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T11:30:00.000Z",
"ID": "CVE-2022-40192",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wpForo Forum (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.9",
+ "version_value": "2.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "gVectors Team"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by dhakal_ananda (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.1.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40200.json b/2022/40xxx/CVE-2022-40200.json
index bdda980c097..240c31ffc85 100644
--- a/2022/40xxx/CVE-2022-40200.json
+++ b/2022/40xxx/CVE-2022-40200.json
@@ -1,18 +1,105 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-09T11:22:00.000Z",
"ID": "CVE-2022-40200",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wpForo Forum (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.9",
+ "version_value": "2.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "gVectors Team"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/wpforo/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/wpforo/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-arbitrary-file-upload-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-arbitrary-file-upload-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.1.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/40xxx/CVE-2022-40694.json b/2022/40xxx/CVE-2022-40694.json
index 45b2e6e72c8..12c66d76b9a 100644
--- a/2022/40xxx/CVE-2022-40694.json
+++ b/2022/40xxx/CVE-2022-40694.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T10:31:00.000Z",
"ID": "CVE-2022-40694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress News Announcement Scroll plugin <= 8.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "News Announcement Scroll (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 8.8.8",
+ "version_value": "8.8.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "StoreApps"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Mika (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/news-announcement-scroll/wordpress-news-announcement-scroll-plugin-8-8-8-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/news-announcement-scroll/wordpress-news-announcement-scroll-plugin-8-8-8-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 9.0.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41132.json b/2022/41xxx/CVE-2022-41132.json
index 76d1f46c4a1..7988a7c0e48 100644
--- a/2022/41xxx/CVE-2022-41132.json
+++ b/2022/41xxx/CVE-2022-41132.json
@@ -1,18 +1,108 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T12:43:00.000Z",
"ID": "CVE-2022-41132",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ezoic (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.8.8",
+ "version_value": "2.8.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Ezoic Inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Jos\u00e9 Aguilera (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/ezoic-integration/wordpress-ezoic-plugin-2-8-8-unauthenticated-plugin-settings-change-leading-to-stored-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/ezoic-integration/wordpress-ezoic-plugin-2-8-8-unauthenticated-plugin-settings-change-leading-to-stored-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.8.9 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41315.json b/2022/41xxx/CVE-2022-41315.json
index 742c78dff50..8417696874d 100644
--- a/2022/41xxx/CVE-2022-41315.json
+++ b/2022/41xxx/CVE-2022-41315.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T12:33:00.000Z",
"ID": "CVE-2022-41315",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Ezoic plugin <= 2.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ezoic (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.8.8",
+ "version_value": "2.8.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Ezoic Inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Jos\u00e9 Aguilera (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/ezoic-integration/wordpress-ezoic-plugin-2-8-8-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/ezoic-integration/wordpress-ezoic-plugin-2-8-8-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.8.9 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41775.json b/2022/41xxx/CVE-2022-41775.json
index 5027dc0aa1a..edbebd95dc8 100644
--- a/2022/41xxx/CVE-2022-41775.json
+++ b/2022/41xxx/CVE-2022-41775.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41775",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n
"
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/41xxx/CVE-2022-41791.json b/2022/41xxx/CVE-2022-41791.json
index c42c3bb7558..f0ad532fd51 100644
--- a/2022/41xxx/CVE-2022-41791.json
+++ b/2022/41xxx/CVE-2022-41791.json
@@ -1,18 +1,94 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T13:16:00.000Z",
"ID": "CVE-2022-41791",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ProfileGrid (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 5.1.6",
+ "version_value": "5.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Profilegrid"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Mika (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSV Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/42xxx/CVE-2022-42533.json b/2022/42xxx/CVE-2022-42533.json
index 57556504c49..18f3bb1e77e 100644
--- a/2022/42xxx/CVE-2022-42533.json
+++ b/2022/42xxx/CVE-2022-42533.json
@@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42533",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/pixel/2022-11-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2022-11-01"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43096.json b/2022/43xxx/CVE-2022-43096.json
index 5bdf4f6100e..c40ede44d0a 100644
--- a/2022/43xxx/CVE-2022-43096.json
+++ b/2022/43xxx/CVE-2022-43096.json
@@ -1,18 +1,80 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-43096",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43096",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://documentation.media5corp.com/display/MP/DGW+Security+Improvement+Notes+v48.5.2718",
+ "refsource": "MISC",
+ "name": "https://documentation.media5corp.com/display/MP/DGW+Security+Improvement+Notes+v48.5.2718"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096",
+ "url": "https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/A:N/C:H/I:H/PR:N/S:C/UI:N",
+ "version": "3.1"
+ }
}
}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43171.json b/2022/43xxx/CVE-2022-43171.json
index 3c1285b91d2..ca7741e71e7 100644
--- a/2022/43xxx/CVE-2022-43171.json
+++ b/2022/43xxx/CVE-2022-43171.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-43171",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43171",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/lief-project/LIEF/issues/782",
+ "refsource": "MISC",
+ "name": "https://github.com/lief-project/LIEF/issues/782"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43332.json b/2022/43xxx/CVE-2022-43332.json
index 2d7cf8cb90e..3b49f04d113 100644
--- a/2022/43xxx/CVE-2022-43332.json
+++ b/2022/43xxx/CVE-2022-43332.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-43332",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43332",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/maikroservice/CVE-2022-43332",
+ "url": "https://github.com/maikroservice/CVE-2022-43332"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43447.json b/2022/43xxx/CVE-2022-43447.json
index f55d0423a23..5bdbb440fed 100644
--- a/2022/43xxx/CVE-2022-43447.json
+++ b/2022/43xxx/CVE-2022-43447.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43447",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n
"
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43452.json b/2022/43xxx/CVE-2022-43452.json
index 2077a63e98c..f4d27382876 100644
--- a/2022/43xxx/CVE-2022-43452.json
+++ b/2022/43xxx/CVE-2022-43452.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43452",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n
"
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43457.json b/2022/43xxx/CVE-2022-43457.json
index 3e04170e6aa..b1e2192f789 100644
--- a/2022/43xxx/CVE-2022-43457.json
+++ b/2022/43xxx/CVE-2022-43457.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43457",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n
"
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/43xxx/CVE-2022-43506.json b/2022/43xxx/CVE-2022-43506.json
index ab2271b1b07..271afa7f9b6 100644
--- a/2022/43xxx/CVE-2022-43506.json
+++ b/2022/43xxx/CVE-2022-43506.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43506",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Delta Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIAEnergie",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSA-22-298-06",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n
"
+ }
+ ],
+ "value": "\nDelta did not publicly release v1.9.01.002 or v1.9.02.001, which addresses these vulnerabilities. Users are encouraged to contact Delta to receive these updates.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/44xxx/CVE-2022-44577.json b/2022/44xxx/CVE-2022-44577.json
index 771246bfd66..e8bd8686eb0 100644
--- a/2022/44xxx/CVE-2022-44577.json
+++ b/2022/44xxx/CVE-2022-44577.json
@@ -1,18 +1,94 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T11:50:00.000Z",
"ID": "CVE-2022-44577",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Export Users With Meta plugin <= 0.6.8 - Auth. CSV Injection vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Export Users With Meta (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 0.6.8",
+ "version_value": "0.6.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Daniel Loureiro"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Mika (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. CSV Injection vulnerability in Export Users With Meta plugin <= 0.6.8 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CSV Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/user-export-with-their-meta-data/wordpress-export-users-with-meta-plugin-0-6-8-auth-csv-injection-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/user-export-with-their-meta-data/wordpress-export-users-with-meta-plugin-0-6-8-auth-csv-injection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/44xxx/CVE-2022-44591.json b/2022/44xxx/CVE-2022-44591.json
index 7fb508b4a3f..8352038aa7f 100644
--- a/2022/44xxx/CVE-2022-44591.json
+++ b/2022/44xxx/CVE-2022-44591.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T12:53:00.000Z",
"ID": "CVE-2022-44591",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Anthologize (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 0.8.0",
+ "version_value": "0.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "One Week | One Tool"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/anthologize/wordpress-anthologize-plugin-0-8-0-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/anthologize/wordpress-anthologize-plugin-0-8-0-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 0.8.1 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/44xxx/CVE-2022-44736.json b/2022/44xxx/CVE-2022-44736.json
index c02099cee5a..32064a2ef71 100644
--- a/2022/44xxx/CVE-2022-44736.json
+++ b/2022/44xxx/CVE-2022-44736.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T10:49:00.000Z",
"ID": "CVE-2022-44736",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Chameleon plugin <= 1.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chameleon (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.4.3",
+ "version_value": "1.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Fahad Mahmood"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/chameleon/wordpress-chameleon-plugin-1-4-3-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/chameleon/wordpress-chameleon-plugin-1-4-3-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 1.4.4 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/45xxx/CVE-2022-45066.json b/2022/45xxx/CVE-2022-45066.json
index e4526c1b4ca..48abf239ae8 100644
--- a/2022/45xxx/CVE-2022-45066.json
+++ b/2022/45xxx/CVE-2022-45066.json
@@ -1,18 +1,94 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T15:35:00.000Z",
"ID": "CVE-2022-45066",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WooSwipe WooCommerce Gallery (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.0.1",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Thrive Website Design"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/wooswipe/wordpress-wooswipe-woocommerce-gallery-plugin-2-0-1-auth-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/wooswipe/wordpress-wooswipe-woocommerce-gallery-plugin-2-0-1-auth-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/45xxx/CVE-2022-45069.json b/2022/45xxx/CVE-2022-45069.json
index 9b48398ea64..0e01a0877e8 100644
--- a/2022/45xxx/CVE-2022-45069.json
+++ b/2022/45xxx/CVE-2022-45069.json
@@ -1,18 +1,100 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T10:12:00.000Z",
"ID": "CVE-2022-45069",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Crowdsignal Dashboard \u2013 Polls, Surveys & more (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 3.0.9",
+ "version_value": "3.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Automattic, Inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Nosa \"apapedulimu\" Shandy (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-dashboard-plugin-3-0-9-privilege-escalation-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-dashboard-plugin-3-0-9-privilege-escalation-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 3.0.10 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/45xxx/CVE-2022-45077.json b/2022/45xxx/CVE-2022-45077.json
index 7dbeff490c1..e81d02c9f3b 100644
--- a/2022/45xxx/CVE-2022-45077.json
+++ b/2022/45xxx/CVE-2022-45077.json
@@ -1,18 +1,105 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T13:37:00.000Z",
"ID": "CVE-2022-45077",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Betheme (WordPress theme)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 26.5.1.4",
+ "version_value": "26.5.1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Muffingroup"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Dave Jong (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "PHP Object Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-5-1-4-auth-php-object-injection-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-5-1-4-auth-php-object-injection-vulnerability?_s_id=cve"
+ },
+ {
+ "name": "https://themeforest.net/item/betheme-responsive-multipurpose-wordpress-theme/7758048",
+ "refsource": "CONFIRM",
+ "url": "https://themeforest.net/item/betheme-responsive-multipurpose-wordpress-theme/7758048"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 26.6 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2022/45xxx/CVE-2022-45375.json b/2022/45xxx/CVE-2022-45375.json
index 8486fd56beb..8137bbc2570 100644
--- a/2022/45xxx/CVE-2022-45375.json
+++ b/2022/45xxx/CVE-2022-45375.json
@@ -1,18 +1,94 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-11-17T16:35:00.000Z",
"ID": "CVE-2022-45375",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress iFeature Slider plugin <= 1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iFeature Slider (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.2",
+ "version_value": "1.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CyberChimps inc."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress."
}
]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://patchstack.com/database/vulnerability/ifeature-slider/wordpress-ifeature-slider-plugin-1-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/ifeature-slider/wordpress-ifeature-slider-plugin-1-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
}
}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21519.json b/2023/21xxx/CVE-2023-21519.json
new file mode 100644
index 00000000000..70c70be343e
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21519.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-21519",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21520.json b/2023/21xxx/CVE-2023-21520.json
new file mode 100644
index 00000000000..75147b9767e
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21520.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-21520",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21521.json b/2023/21xxx/CVE-2023-21521.json
new file mode 100644
index 00000000000..b6e4a5278c6
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21521.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-21521",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21522.json b/2023/21xxx/CVE-2023-21522.json
new file mode 100644
index 00000000000..8adf721e651
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21522.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-21522",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21523.json b/2023/21xxx/CVE-2023-21523.json
new file mode 100644
index 00000000000..bdc32f1acd3
--- /dev/null
+++ b/2023/21xxx/CVE-2023-21523.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-21523",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file