diff --git a/2021/30xxx/CVE-2021-30490.json b/2021/30xxx/CVE-2021-30490.json index d141ec2e189..fe4b4ff3a50 100644 --- a/2021/30xxx/CVE-2021-30490.json +++ b/2021/30xxx/CVE-2021-30490.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.power-software-download.com/viewpower.html", + "refsource": "MISC", + "name": "https://www.power-software-download.com/viewpower.html" + }, + { + "refsource": "MISC", + "name": "https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html", + "url": "https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html" } ] } diff --git a/2022/29xxx/CVE-2022-29959.json b/2022/29xxx/CVE-2022-29959.json index fd9bf856cf1..3e43dd0fe70 100644 --- a/2022/29xxx/CVE-2022-29959.json +++ b/2022/29xxx/CVE-2022-29959.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29959", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29959", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/blog/", + "refsource": "MISC", + "name": "https://www.forescout.com/blog/" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03" } ] } diff --git a/2022/29xxx/CVE-2022-29960.json b/2022/29xxx/CVE-2022-29960.json index 805fd7c5058..2d5906e629d 100644 --- a/2022/29xxx/CVE-2022-29960.json +++ b/2022/29xxx/CVE-2022-29960.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03" } ] } diff --git a/2022/30xxx/CVE-2022-30264.json b/2022/30xxx/CVE-2022-30264.json index ad15f828a5c..faa7db969ad 100644 --- a/2022/30xxx/CVE-2022-30264.json +++ b/2022/30xxx/CVE-2022-30264.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-30264", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-30264", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and carrying out arbitrary file and directory read, write, and delete operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/blog/", + "refsource": "MISC", + "name": "https://www.forescout.com/blog/" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-04" } ] } diff --git a/2022/36xxx/CVE-2022-36272.json b/2022/36xxx/CVE-2022-36272.json index 11ca295e7f6..83c2970d5a5 100644 --- a/2022/36xxx/CVE-2022-36272.json +++ b/2022/36xxx/CVE-2022-36272.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36272", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36272", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ming-soft/MCMS/issues/97", + "refsource": "MISC", + "name": "https://github.com/ming-soft/MCMS/issues/97" } ] } diff --git a/2022/36xxx/CVE-2022-36273.json b/2022/36xxx/CVE-2022-36273.json index ee59a594400..ab2e266306f 100644 --- a/2022/36xxx/CVE-2022-36273.json +++ b/2022/36xxx/CVE-2022-36273.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36273", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36273", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/F0und-icu/CVEIDs/tree/main/TendaAC9", + "refsource": "MISC", + "name": "https://github.com/F0und-icu/CVEIDs/tree/main/TendaAC9" } ] } diff --git a/2022/36xxx/CVE-2022-36530.json b/2022/36xxx/CVE-2022-36530.json index dd54bcf712e..5781485d737 100644 --- a/2022/36xxx/CVE-2022-36530.json +++ b/2022/36xxx/CVE-2022-36530.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36530", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36530", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jianyan74/rageframe2", + "refsource": "MISC", + "name": "https://github.com/jianyan74/rageframe2" + }, + { + "url": "http://rageframe2.com", + "refsource": "MISC", + "name": "http://rageframe2.com" + }, + { + "url": "https://github.com/jianyan74/rageframe2/issues/106", + "refsource": "MISC", + "name": "https://github.com/jianyan74/rageframe2/issues/106" + }, + { + "refsource": "MISC", + "name": "https://github.com/jianyan74/rageframe2/issues/106?by=xboy(Topsec)", + "url": "https://github.com/jianyan74/rageframe2/issues/106?by=xboy(Topsec)" } ] } diff --git a/2022/36xxx/CVE-2022-36599.json b/2022/36xxx/CVE-2022-36599.json index 7f47c7f515c..e1145e0cb4d 100644 --- a/2022/36xxx/CVE-2022-36599.json +++ b/2022/36xxx/CVE-2022-36599.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36599", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36599", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/mingSoft/MCMS/issues/I5I1P5", + "refsource": "MISC", + "name": "https://gitee.com/mingSoft/MCMS/issues/I5I1P5" } ] }