diff --git a/2021/41xxx/CVE-2021-41924.json b/2021/41xxx/CVE-2021-41924.json index 131fcfc6c74..e266b5504dd 100644 --- a/2021/41xxx/CVE-2021-41924.json +++ b/2021/41xxx/CVE-2021-41924.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41924", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41924", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/krayin/laravel-crm/pull/195/commits/882dc2e7e7e9149b96cf1ccacf34900960b92fb7", + "url": "https://github.com/krayin/laravel-crm/pull/195/commits/882dc2e7e7e9149b96cf1ccacf34900960b92fb7" } ] } diff --git a/2022/1xxx/CVE-2022-1596.json b/2022/1xxx/CVE-2022-1596.json index 3395afe6cec..07fa4bd87c0 100644 --- a/2022/1xxx/CVE-2022-1596.json +++ b/2022/1xxx/CVE-2022-1596.json @@ -1,18 +1,121 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@ch.abb.com", + "DATE_PUBLIC": "2022-06-21T12:22:00.000Z", "ID": "CVE-2022-1596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ABB Relion REX640 Insufficient file access control" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "REX640 PCL1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "1.0.7" + } + ] + } + }, + { + "product_name": "REX640 PCL2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.1.4" + } + ] + } + }, + { + "product_name": "REX640 PCL3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.2.1" + } + ] + } + } + ] + }, + "vendor_name": "ABB" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001421" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Although these workarounds will not correct the underlying vulnerability, they can help blocking known \nattack vectors. \n\u2022 Limit the HTTP(s) and FTP(S) to a local network by a firewall\n\u2022 Use a next generation (OSI layer 7) firewall for blocking the traffic to the userdb.xml file\n\u2022 Disable remote WHMI and FTP(S) and use local HMI only" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1665.json b/2022/1xxx/CVE-2022-1665.json index 890b25a2709..70c639d6f0c 100644 --- a/2022/1xxx/CVE-2022-1665.json +++ b/2022/1xxx/CVE-2022-1665.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "8.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1291" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code." } ] } diff --git a/2022/1xxx/CVE-2022-1833.json b/2022/1xxx/CVE-2022-1833.json index 0eeafe0e69c..41468ca9ddb 100644 --- a/2022/1xxx/CVE-2022-1833.json +++ b/2022/1xxx/CVE-2022-1833.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMQ Broker Operator", + "version": { + "version_data": [ + { + "version_value": "AMQ Broker Operator 7.9.4 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack." } ] } diff --git a/2022/22xxx/CVE-2022-22979.json b/2022/22xxx/CVE-2022-22979.json index 471385b47a3..33601cac13a 100644 --- a/2022/22xxx/CVE-2022-22979.json +++ b/2022/22xxx/CVE-2022-22979.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Cloud Function", + "version": { + "version_data": [ + { + "version_value": "Spring Cloud Function (prior to 3.2.6)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2022-22979", + "url": "https://tanzu.vmware.com/security/cve-2022-22979" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework." } ] } diff --git a/2022/23xxx/CVE-2022-23171.json b/2022/23xxx/CVE-2022-23171.json index 0bab1a70729..73b0314d47c 100644 --- a/2022/23xxx/CVE-2022-23171.json +++ b/2022/23xxx/CVE-2022-23171.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cna@cyber.gov.il", + "DATE_PUBLIC": "2022-06-20T05:56:00.000Z", "ID": "CVE-2022-23171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AtlasVPN - Privilege Escalation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AtlasVPN", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.4.0", + "version_value": "2.4.2" + } + ] + } + } + ] + }, + "vendor_name": "AtlasVPN" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alex Katziv" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.gov.il/en/departments/faq/cve_advisories", + "name": "https://www.gov.il/en/departments/faq/cve_advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update version 2.4.2 of the Windows app." + } + ], + "source": { + "defect": [ + "ILVN-2022-0026" + ], + "discovery": "USER" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24946.json b/2022/24xxx/CVE-2022-24946.json index 585c6076212..f78b022b6ce 100644 --- a/2022/24xxx/CVE-2022-24946.json +++ b/2022/24xxx/CVE-2022-24946.json @@ -66,8 +66,8 @@ }, { "refsource": "MISC", - "name": "https://jvn.jp/vu/JVNVU#90895626/index.html", - "url": "https://jvn.jp/vu/JVNVU#90895626/index.html" + "name": "https://jvn.jp/vu/JVNVU90895626/index.html", + "url": "https://jvn.jp/vu/JVNVU90895626/index.html" } ] }, diff --git a/2022/25xxx/CVE-2022-25788.json b/2022/25xxx/CVE-2022-25788.json index 7baf6b7beab..e77768940d9 100644 --- a/2022/25xxx/CVE-2022-25788.json +++ b/2022/25xxx/CVE-2022-25788.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "2022, 2021, 2020, 2019" + "version_value": "2022.1.1" } ] } @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "BufferOverflow Write" + "value": "Out-of-bound Write" } ] } diff --git a/2022/26xxx/CVE-2022-26147.json b/2022/26xxx/CVE-2022-26147.json index 7a72c4748f8..0c061f70cce 100644 --- a/2022/26xxx/CVE-2022-26147.json +++ b/2022/26xxx/CVE-2022-26147.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nns.ee/blog/2022/06/21/modem-rce2.html", + "url": "https://nns.ee/blog/2022/06/21/modem-rce2.html" } ] } diff --git a/2022/27xxx/CVE-2022-27867.json b/2022/27xxx/CVE-2022-27867.json index 918a87a8edd..ef69c2f6e40 100644 --- a/2022/27xxx/CVE-2022-27867.json +++ b/2022/27xxx/CVE-2022-27867.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Inventor, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020, 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution." } ] } diff --git a/2022/27xxx/CVE-2022-27868.json b/2022/27xxx/CVE-2022-27868.json index 58754f1c10d..6897f301155 100644 --- a/2022/27xxx/CVE-2022-27868.json +++ b/2022/27xxx/CVE-2022-27868.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution." } ] } diff --git a/2022/27xxx/CVE-2022-27869.json b/2022/27xxx/CVE-2022-27869.json index a5e490e8ded..6f08123fa29 100644 --- a/2022/27xxx/CVE-2022-27869.json +++ b/2022/27xxx/CVE-2022-27869.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27869", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Read Vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code." } ] } diff --git a/2022/27xxx/CVE-2022-27870.json b/2022/27xxx/CVE-2022-27870.json index 2ba09f8d4d2..d4aec5ca893 100644 --- a/2022/27xxx/CVE-2022-27870.json +++ b/2022/27xxx/CVE-2022-27870.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Write Vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code." } ] } diff --git a/2022/27xxx/CVE-2022-27871.json b/2022/27xxx/CVE-2022-27871.json index 832ec979b4c..2950dc95836 100644 --- a/2022/27xxx/CVE-2022-27871.json +++ b/2022/27xxx/CVE-2022-27871.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks", + "version": { + "version_data": [ + { + "version_value": "2022, 2021, 2020,2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow vul" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code." } ] } diff --git a/2022/27xxx/CVE-2022-27872.json b/2022/27xxx/CVE-2022-27872.json index ae6755765e3..8db5d49e3aa 100644 --- a/2022/27xxx/CVE-2022-27872.json +++ b/2022/27xxx/CVE-2022-27872.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Navisworks", + "version": { + "version_data": [ + { + "version_value": "2022" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference vuln" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code." } ] } diff --git a/2022/28xxx/CVE-2022-28774.json b/2022/28xxx/CVE-2022-28774.json index b65d7778e75..2041062a1b8 100644 --- a/2022/28xxx/CVE-2022-28774.json +++ b/2022/28xxx/CVE-2022-28774.json @@ -52,7 +52,7 @@ "description": [ { "lang": "eng", - "value": "CWE-200" + "value": "CWE-532, CWE-522" } ] } diff --git a/2022/2xxx/CVE-2022-2150.json b/2022/2xxx/CVE-2022-2150.json new file mode 100644 index 00000000000..1e1514e36c7 --- /dev/null +++ b/2022/2xxx/CVE-2022-2150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2151.json b/2022/2xxx/CVE-2022-2151.json new file mode 100644 index 00000000000..d6925fe09f2 --- /dev/null +++ b/2022/2xxx/CVE-2022-2151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2152.json b/2022/2xxx/CVE-2022-2152.json new file mode 100644 index 00000000000..c92c8b6c17b --- /dev/null +++ b/2022/2xxx/CVE-2022-2152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2153.json b/2022/2xxx/CVE-2022-2153.json new file mode 100644 index 00000000000..56d5375819e --- /dev/null +++ b/2022/2xxx/CVE-2022-2153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/30xxx/CVE-2022-30874.json b/2022/30xxx/CVE-2022-30874.json index e65d1f5d658..a4dd04ef738 100644 --- a/2022/30xxx/CVE-2022-30874.json +++ b/2022/30xxx/CVE-2022-30874.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-30874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-30874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nukeviet/nukeviet", + "refsource": "MISC", + "name": "https://github.com/nukeviet/nukeviet" } ] } diff --git a/2022/31xxx/CVE-2022-31786.json b/2022/31xxx/CVE-2022-31786.json index cda14a2cad2..9e722117f36 100644 --- a/2022/31xxx/CVE-2022-31786.json +++ b/2022/31xxx/CVE-2022-31786.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31786", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31786", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/RNPG/e10524f1781a9981b50fb27bb473b0fe", + "url": "https://gist.github.com/RNPG/e10524f1781a9981b50fb27bb473b0fe" } ] } diff --git a/2022/32xxx/CVE-2022-32973.json b/2022/32xxx/CVE-2022-32973.json index e5f39b0f706..373c8374825 100644 --- a/2022/32xxx/CVE-2022-32973.json +++ b/2022/32xxx/CVE-2022-32973.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nessus", + "version": { + "version_data": [ + { + "version_value": "Nessus 10.1.X and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2022-11", + "url": "https://www.tenable.com/security/tns-2022-11" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges." } ] } diff --git a/2022/32xxx/CVE-2022-32974.json b/2022/32xxx/CVE-2022-32974.json index 46cfa03b1e0..0f8d7403ef5 100644 --- a/2022/32xxx/CVE-2022-32974.json +++ b/2022/32xxx/CVE-2022-32974.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nessus", + "version": { + "version_data": [ + { + "version_value": "Nessus 10.1.X and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2022-11", + "url": "https://www.tenable.com/security/tns-2022-11" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials." } ] } diff --git a/2022/33xxx/CVE-2022-33995.json b/2022/33xxx/CVE-2022-33995.json index 29d95bb6f36..b2f708eff6f 100644 --- a/2022/33xxx/CVE-2022-33995.json +++ b/2022/33xxx/CVE-2022-33995.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33995", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33995", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net", + "refsource": "MISC", + "name": "https://devolutions.net" } ] } diff --git a/2022/34xxx/CVE-2022-34008.json b/2022/34xxx/CVE-2022-34008.json index 4df85683116..4a838a2376f 100644 --- a/2022/34xxx/CVE-2022-34008.json +++ b/2022/34xxx/CVE-2022-34008.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34008", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34008", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://antivirus.comodo.com/", + "refsource": "MISC", + "name": "https://antivirus.comodo.com/" + }, + { + "refsource": "MISC", + "name": "https://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8", + "url": "https://r0h1rr1m.medium.com/comodo-antivirus-local-privilege-escalation-through-insecure-file-move-476a4601d9b8" } ] }