From fd929212f843902c504bbca9960de86a8cd15a92 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 20 Jul 2022 17:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/29xxx/CVE-2022-29834.json | 55 ++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33315.json | 58 ++++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33316.json | 58 ++++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33317.json | 58 ++++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33318.json | 58 ++++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33319.json | 58 ++++++++++++++++++++++++++++++-- 2022/33xxx/CVE-2022-33320.json | 58 ++++++++++++++++++++++++++++++-- 2022/34xxx/CVE-2022-34042.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34045.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34046.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34047.json | 56 +++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34048.json | 61 ++++++++++++++++++++++++++++++---- 2022/34xxx/CVE-2022-34049.json | 61 ++++++++++++++++++++++++++++++---- 13 files changed, 692 insertions(+), 57 deletions(-) diff --git a/2022/29xxx/CVE-2022-29834.json b/2022/29xxx/CVE-2022-29834.json index b2301f71506..abda19439f3 100644 --- a/2022/29xxx/CVE-2022-29834.json +++ b/2022/29xxx/CVE-2022-29834.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97 to 10.97.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen." } ] } diff --git a/2022/33xxx/CVE-2022-33315.json b/2022/33xxx/CVE-2022-33315.json index dffbc075bba..23d844a6642 100644 --- a/2022/33xxx/CVE-2022-33315.json +++ b/2022/33xxx/CVE-2022-33315.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes." } ] } diff --git a/2022/33xxx/CVE-2022-33316.json b/2022/33xxx/CVE-2022-33316.json index 4549a136e73..c8b239aa3e2 100644 --- a/2022/33xxx/CVE-2022-33316.json +++ b/2022/33xxx/CVE-2022-33316.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33316", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes." } ] } diff --git a/2022/33xxx/CVE-2022-33317.json b/2022/33xxx/CVE-2022-33317.json index 3be112e795f..ea46319e104 100644 --- a/2022/33xxx/CVE-2022-33317.json +++ b/2022/33xxx/CVE-2022-33317.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inclusion of Functionality from Untrusted Control Sphere" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes." } ] } diff --git a/2022/33xxx/CVE-2022-33318.json b/2022/33xxx/CVE-2022-33318.json index a7323d2480e..09ba70e861e 100644 --- a/2022/33xxx/CVE-2022-33318.json +++ b/2022/33xxx/CVE-2022-33318.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server." } ] } diff --git a/2022/33xxx/CVE-2022-33319.json b/2022/33xxx/CVE-2022-33319.json index ba6e0fcf4e1..dcdddc8385f 100644 --- a/2022/33xxx/CVE-2022-33319.json +++ b/2022/33xxx/CVE-2022-33319.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server." } ] } diff --git a/2022/33xxx/CVE-2022-33320.json b/2022/33xxx/CVE-2022-33320.json index 8798a7233af..7e61c759077 100644 --- a/2022/33xxx/CVE-2022-33320.json +++ b/2022/33xxx/CVE-2022-33320.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ICONICS GENESIS64; Mitsubishi Electric MC Works64", + "version": { + "version_data": [ + { + "version_value": "ICONICS GENESIS64 versions 10.97.1 and prior" + }, + { + "version_value": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96480474/index.html", + "url": "https://jvn.jp/vu/JVNVU96480474/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes." } ] } diff --git a/2022/34xxx/CVE-2022-34042.json b/2022/34xxx/CVE-2022-34042.json index e7125d9d623..26f432c4bb0 100644 --- a/2022/34xxx/CVE-2022-34042.json +++ b/2022/34xxx/CVE-2022-34042.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/tianqi5432/bug_report/blob/main/vendors/itsourcecode.com/barangay-management-system/SQLi-1.md", + "url": "https://github.com/tianqi5432/bug_report/blob/main/vendors/itsourcecode.com/barangay-management-system/SQLi-1.md" } ] } diff --git a/2022/34xxx/CVE-2022-34045.json b/2022/34xxx/CVE-2022-34045.json index b9eafd74c97..45f9486b673 100644 --- a/2022/34xxx/CVE-2022-34045.json +++ b/2022/34xxx/CVE-2022-34045.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34045", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1s5uZGC_iSzfCJt9BJ8h-P24vmsrmttrf/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1s5uZGC_iSzfCJt9BJ8h-P24vmsrmttrf/view?usp=sharing" } ] } diff --git a/2022/34xxx/CVE-2022-34046.json b/2022/34xxx/CVE-2022-34046.json index 559668defef..482f7afd4d6 100644 --- a/2022/34xxx/CVE-2022-34046.json +++ b/2022/34xxx/CVE-2022-34046.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34046", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34046", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing" } ] } diff --git a/2022/34xxx/CVE-2022-34047.json b/2022/34xxx/CVE-2022-34047.json index b1bc730aac6..bc5a79ef123 100644 --- a/2022/34xxx/CVE-2022-34047.json +++ b/2022/34xxx/CVE-2022-34047.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34047", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34047", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing" } ] } diff --git a/2022/34xxx/CVE-2022-34048.json b/2022/34xxx/CVE-2022-34048.json index 72f3b4aabba..6c1f6fef1a9 100644 --- a/2022/34xxx/CVE-2022-34048.json +++ b/2022/34xxx/CVE-2022-34048.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing" + }, + { + "url": "https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing" } ] } diff --git a/2022/34xxx/CVE-2022-34049.json b/2022/34xxx/CVE-2022-34049.json index 338e1a0ff13..0654f04aaaf 100644 --- a/2022/34xxx/CVE-2022-34049.json +++ b/2022/34xxx/CVE-2022-34049.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1ZeSwqu04OghLQXeG7emU-w-Amgadafqx/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1ZeSwqu04OghLQXeG7emU-w-Amgadafqx/view?usp=sharing" + }, + { + "url": "https://drive.google.com/file/d/1-eNgq6IS609bq2vB93c_N8jnZrJ2dgNF/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1-eNgq6IS609bq2vB93c_N8jnZrJ2dgNF/view?usp=sharing" } ] }