diff --git a/2022/24xxx/CVE-2022-24669.json b/2022/24xxx/CVE-2022-24669.json index a68c7078a68..10de12d23f9 100644 --- a/2022/24xxx/CVE-2022-24669.json +++ b/2022/24xxx/CVE-2022-24669.json @@ -1,18 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@forgerock.com", + "DATE_PUBLIC": "2022-10-20T15:33:00.000Z", "ID": "CVE-2022-24669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Anonymous users can register / de-register for configuration change notifications" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.5.5" + }, + { + "version_affected": "<", + "version_value": "7.1.2" + }, + { + "version_affected": "<", + "version_value": "7.2.0" + } + ] + } + } + ] + }, + "vendor_name": "ForgeRock" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://backstage.forgerock.com/knowledge/kb/article/a90639318", + "name": "https://backstage.forgerock.com/knowledge/kb/article/a90639318" + }, + { + "refsource": "MISC", + "url": "https://backstage.forgerock.com/downloads/browse/am/featured", + "name": "https://backstage.forgerock.com/downloads/browse/am/featured" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to the latest versions." + } + ], + "source": { + "advisory": "202204", + "defect": [ + "https://bugster.forgerock.org/jira/browse/OPENAM-18367", + "(not", + "public)" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24670.json b/2022/24xxx/CVE-2022-24670.json index 0bd4c3fcce6..a358b475f9e 100644 --- a/2022/24xxx/CVE-2022-24670.json +++ b/2022/24xxx/CVE-2022-24670.json @@ -1,18 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@forgerock.com", + "DATE_PUBLIC": "2022-10-20T15:33:00.000Z", "ID": "CVE-2022-24670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Any user can run unrestricted LDAP queries against a configuration endpoint" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.5.5" + }, + { + "version_affected": "<", + "version_value": "7.1.2" + }, + { + "version_affected": "<", + "version_value": "7.2.0" + } + ] + } + } + ] + }, + "vendor_name": "ForgeRock" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can use the unrestricted LDAP queries to determine configuration entries" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://backstage.forgerock.com/knowledge/kb/article/a90639318", + "name": "https://backstage.forgerock.com/knowledge/kb/article/a90639318" + }, + { + "refsource": "MISC", + "url": "https://backstage.forgerock.com/downloads/browse/am/featured", + "name": "https://backstage.forgerock.com/downloads/browse/am/featured" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to the latest versions." + } + ], + "source": { + "advisory": "202204", + "defect": [ + "https://bugster.forgerock.org/jira/browse/OPENAM-18368", + "(not", + "public)" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3527.json b/2022/3xxx/CVE-2022-3527.json index 1636f988625..49019a48889 100644 --- a/2022/3xxx/CVE-2022-3527.json +++ b/2022/3xxx/CVE-2022-3527.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3527", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3528.json b/2022/3xxx/CVE-2022-3528.json index f0ab2e701d7..bf865212c97 100644 --- a/2022/3xxx/CVE-2022-3528.json +++ b/2022/3xxx/CVE-2022-3528.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3528", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3529.json b/2022/3xxx/CVE-2022-3529.json index 28854c458d9..a7196891bcf 100644 --- a/2022/3xxx/CVE-2022-3529.json +++ b/2022/3xxx/CVE-2022-3529.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3529", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3530.json b/2022/3xxx/CVE-2022-3530.json index 8ba274a121d..a77f2c5aecf 100644 --- a/2022/3xxx/CVE-2022-3530.json +++ b/2022/3xxx/CVE-2022-3530.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3530", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3593.json b/2022/3xxx/CVE-2022-3593.json index 6b16a1bc952..73a82d21868 100644 --- a/2022/3xxx/CVE-2022-3593.json +++ b/2022/3xxx/CVE-2022-3593.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3593", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3725.json b/2022/3xxx/CVE-2022-3725.json index 2e601904821..bfa591acb3d 100644 --- a/2022/3xxx/CVE-2022-3725.json +++ b/2022/3xxx/CVE-2022-3725.json @@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=3.6.0, <3.6.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2022-07.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2022-07.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18378", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18378", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Qiuhao Li of Zoom Video Communications, Inc." + } + ] } \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40183.json b/2022/40xxx/CVE-2022-40183.json index 365ef15837f..7bdd53ab23c 100644 --- a/2022/40xxx/CVE-2022-40183.json +++ b/2022/40xxx/CVE-2022-40183.json @@ -4,15 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "TITLE": "Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "VIDEOJET multi 4000", + "version": { + "version_data": [ + { + "version_value": "6.31.0010", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user." } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40184.json b/2022/40xxx/CVE-2022-40184.json index 83c40e47bbb..b935dd4b743 100644 --- a/2022/40xxx/CVE-2022-40184.json +++ b/2022/40xxx/CVE-2022-40184.json @@ -4,15 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "TITLE": "Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "VIDEOJET multi 4000", + "version": { + "version_data": [ + { + "version_value": "6.31.0010", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option." } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41996.json b/2022/41xxx/CVE-2022-41996.json index b4651242f8b..39f4146068f 100644 --- a/2022/41xxx/CVE-2022-41996.json +++ b/2022/41xxx/CVE-2022-41996.json @@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-10-20T14:08:00.000Z", "ID": "CVE-2022-41996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Avada (premium WordPress theme)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 7.8.1", + "version_value": "7.8.1" + } + ] + } + } + ] + }, + "vendor_name": "ThemeFusion" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + }, + { + "name": "https://theme-fusion.com/documentation-assets/avada/changelog.txt", + "refsource": "CONFIRM", + "url": "https://theme-fusion.com/documentation-assets/avada/changelog.txt" + }, + { + "name": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226", + "refsource": "CONFIRM", + "url": "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 7.8.2 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file