From fbffa10047e3f38cf80699bf504bf5a931c7aa7d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 25 Nov 2022 16:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/37xxx/CVE-2022-37720.json | 66 ++++++++++++++++--
 2022/38xxx/CVE-2022-38377.json | 121 +++++++++++++++++++++++++++++++--
 2022/44xxx/CVE-2022-44411.json | 56 +++++++++++++--
 2022/45xxx/CVE-2022-45036.json | 56 +++++++++++++--
 2022/45xxx/CVE-2022-45037.json | 56 +++++++++++++--
 2022/45xxx/CVE-2022-45038.json | 56 +++++++++++++--
 2022/45xxx/CVE-2022-45039.json | 56 +++++++++++++--
 2022/45xxx/CVE-2022-45040.json | 56 +++++++++++++--
 8 files changed, 477 insertions(+), 46 deletions(-)
diff --git a/2022/37xxx/CVE-2022-37720.json b/2022/37xxx/CVE-2022-37720.json
index d0402745fc3..fb085474843 100644
--- a/2022/37xxx/CVE-2022-37720.json
+++ b/2022/37xxx/CVE-2022-37720.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-37720",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-37720",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://orchard.com",
+ "refsource": "MISC",
+ "name": "http://orchard.com"
+ },
+ {
+ "url": "http://orchardproject.com",
+ "refsource": "MISC",
+ "name": "http://orchardproject.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://labs.integrity.pt/advisories/cve-2022-37720/",
+ "url": "https://labs.integrity.pt/advisories/cve-2022-37720/"
 }
 ]
 }
diff --git a/2022/38xxx/CVE-2022-38377.json b/2022/38xxx/CVE-2022-38377.json
index 5f4a1632951..88c601a2610 100644
--- a/2022/38xxx/CVE-2022-38377.json
+++ b/2022/38xxx/CVE-2022-38377.json
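Review bot: The published record for CVE-2022-37720 leaves `affects` and `problemtype` as `n/a` although its own description names the product and version (Orchard CMS 1.10.3) and the weakness class (XSS), so tooling that matches on the structured fields rather than free text will not tie this CVE to an Orchard install. The `vendor_name`, `product_name` and `version_value` fields should carry what the description already states, and the problemtype `value` should name the weakness, e.g. `"value": "CWE-79"`. The same gap is present in the hunks for CVE-2022-44411 and CVE-2022-45036 through CVE-2022-45040. Two of the three references here are bare `http://` vendor home pages that say nothing about the issue; only the labs.integrity.pt advisory is usable for triage.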
@@ -1,17 +1,130 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-38377",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper access control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.0.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FortiAnalyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "7.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.4.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.2.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "6.0.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-20-143",
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/psirt/FG-IR-20-143"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Please upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.4 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\n\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 7.0.4 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.9 or above"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C"
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44411.json b/2022/44xxx/CVE-2022-44411.json
index 4f78d769a55..2eece9d46a3 100644
--- a/2022/44xxx/CVE-2022-44411.json
+++ b/2022/44xxx/CVE-2022-44411.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44411",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44411",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/5xkGMZx0ZeUmpx3X",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/5xkGMZx0ZeUmpx3X"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45036.json b/2022/45xxx/CVE-2022-45036.json
index c13335278e3..dd3ee6a1222 100644
--- a/2022/45xxx/CVE-2022-45036.json
+++ b/2022/45xxx/CVE-2022-45036.json
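Review bot: The `version_data` entries for FortiManager and FortiAnalyzer in CVE-2022-38377 list only the first release of each branch with `"version_affected": "="` (7.2.0, 7.0.0, 6.4.0, 6.2.0, 6.0.0), while the description gives ranges such as 7.0.0 through 7.0.3 and 6.4.0 through 6.4.8, so a consumer matching on the structured data would treat 7.0.1 to 7.0.3 and the other in-range releases as unaffected. Each branch should be expressed as a range, for example a `"version_affected": "<="` entry carrying the last affected release of that branch. Separately, `"baseScore": 4.1` looks like the temporal score: by my calculation the base metrics in the vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) give 4.3, and 4.1 only results after applying E:P/RL:U/RC:C, so severity-sorted feeds will rank this slightly low. The `solution` entry also uses `"lang": "en"` where the rest of the record uses `"eng"`, and its text gives no fixed version for the 6.2 and 6.0 branches that the description lists as affected.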
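Review bot: The description added for CVE-2022-44411 is internally inconsistent: it says passwords are transmitted in plaintext during authentication, yet names a "bruteforce attack" as the way they are obtained, whereas cleartext transmission is exposed through interception of the traffic. As written, a reader cannot tell whether the weakness is cleartext transmission (CWE-319) or missing limits on authentication attempts (CWE-307), and `problemtype` is `n/a`, so the structured field does not settle it; the two call for different mitigations (TLS on the login path versus rate limiting and lockout). The only reference is a shimo.im document, so the record depends on a single third-party hosted page with no vendor link beside it.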
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45036",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45036",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/2wAlXR1j6BsJlDAP",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/2wAlXR1j6BsJlDAP"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45037.json b/2022/45xxx/CVE-2022-45037.json
index f766af01fc8..1c471bf54c4 100644
--- a/2022/45xxx/CVE-2022-45037.json
+++ b/2022/45xxx/CVE-2022-45037.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45037",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45037",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/dPkpKPQEjXfvYoqO",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/dPkpKPQEjXfvYoqO"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45038.json b/2022/45xxx/CVE-2022-45038.json
index bb674a97581..58bef5317f5 100644
--- a/2022/45xxx/CVE-2022-45038.json
+++ b/2022/45xxx/CVE-2022-45038.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45038",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45038",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/Ee32MrJd80iEwyA2",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/Ee32MrJd80iEwyA2"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45039.json b/2022/45xxx/CVE-2022-45039.json
index b95566f39e2..0cbf4b15b78 100644
--- a/2022/45xxx/CVE-2022-45039.json
+++ b/2022/45xxx/CVE-2022-45039.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45039",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45039",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/XKq4MKmDYDC8B1kN",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/XKq4MKmDYDC8B1kN"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45040.json b/2022/45xxx/CVE-2022-45040.json
index 8b604c6f835..140d0a59a32 100644
--- a/2022/45xxx/CVE-2022-45040.json
+++ b/2022/45xxx/CVE-2022-45040.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45040",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45040",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://shimo.im/docs/XKq4MKmDGnsgjZkN",
+ "refsource": "MISC",
+ "name": "https://shimo.im/docs/XKq4MKmDGnsgjZkN"
 }
 ]
 }