From f666a164a53d3f7d97b71a0d0ac2475bdfbbb24e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 26 Dec 2022 05:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/44xxx/CVE-2021-44854.json | 56 +++++++++++++++++++++++++++---- 2021/44xxx/CVE-2021-44855.json | 56 +++++++++++++++++++++++++++---- 2021/45xxx/CVE-2021-45467.json | 61 ++++++++++++++++++++++++++++++---- 2022/24xxx/CVE-2022-24116.json | 56 +++++++++++++++++++++++++++---- 2022/24xxx/CVE-2022-24117.json | 56 +++++++++++++++++++++++++++---- 5 files changed, 255 insertions(+), 30 deletions(-) diff --git a/2021/44xxx/CVE-2021-44854.json b/2021/44xxx/CVE-2021-44854.json index 967069d1657..0998edfed77 100644 --- a/2021/44xxx/CVE-2021-44854.json +++ b/2021/44xxx/CVE-2021-44854.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-44854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-44854", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T292763", + "url": "https://phabricator.wikimedia.org/T292763" } ] } diff --git a/2021/44xxx/CVE-2021-44855.json b/2021/44xxx/CVE-2021-44855.json index 9a34db11cf6..cc43e59c058 100644 --- a/2021/44xxx/CVE-2021-44855.json +++ b/2021/44xxx/CVE-2021-44855.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-44855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-44855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T293589", + "url": "https://phabricator.wikimedia.org/T293589" } ] } diff --git a/2021/45xxx/CVE-2021-45467.json b/2021/45xxx/CVE-2021-45467.json index bd6a49b7431..a5cc401310f 100644 --- a/2021/45xxx/CVE-2021-45467.json +++ b/2021/45xxx/CVE-2021-45467.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45467", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45467", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://control-webpanel.com/changelog", + "refsource": "MISC", + "name": "https://control-webpanel.com/changelog" + }, + { + "refsource": "MISC", + "name": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/", + "url": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/" } ] } diff --git a/2022/24xxx/CVE-2022-24116.json b/2022/24xxx/CVE-2022-24116.json index 6acb2f30c47..061b3567511 100644 --- a/2022/24xxx/CVE-2022-24116.json +++ b/2022/24xxx/CVE-2022-24116.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24116", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24116", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06" } ] } diff --git a/2022/24xxx/CVE-2022-24117.json b/2022/24xxx/CVE-2022-24117.json index d1ac867aa57..a08c0d52dc4 100644 --- a/2022/24xxx/CVE-2022-24117.json +++ b/2022/24xxx/CVE-2022-24117.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-24117", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-24117", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06" } ] }