"-Synchronized-Data."

CVE Team 2023-02-12 22:03:01 +00:00
parent 49773969f7
commit 00de4b0d9d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 211 additions and 231 deletions


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41859",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "unknown"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/",
"url": "https://freeradius.org/security/"
"name": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f",
"refsource": "MISC",
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
]
}
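Review bot: The line added in the `@ -19,6 +40,7 @` hunk pairs `"version_affected": "="` with the free-text `"version_value": "unknown"`, so a consumer that honours the operator will look for a version literally equal to "unknown" and match nothing. The same pairing appears in the other records of this commit, with range text such as "All versions from 0.9.3 to 3.0.25", "Satellite Server 6.9,6.10,6.11" and "Since upstream commit 53592b3 (v4.10-rc1)". For an unknown version `"version_affected": "?"` states the intent more honestly, and a known range is better expressed as a bounded entry such as `"version_affected": "<="` with a single version string. Scanners reading these records should treat the value as unstructured text rather than an exact version. The hunk shows only part of the `affects` object.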


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41860",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions from 0.9.3 to 3.0.25"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/",
"url": "https://freeradius.org/security/"
"name": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a",
"refsource": "MISC",
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41861",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions from 0.0.1 to 3.0.25"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://freeradius.org/security/",
"refsource": "MISC",
"name": "https://freeradius.org/security/",
"url": "https://freeradius.org/security/"
"name": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e",
"refsource": "MISC",
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
]
}


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4130",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Satellite Server",
"version": {
"version_data": [
{
"version_value": "Satellite Server 6.9,6.10,6.11"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Satellite Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Satellite Server 6.9,6.10,6.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4147",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1026",
"cweId": "CWE-1026"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1026"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4147",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-4147",
"url": "https://access.redhat.com/security/cve/CVE-2022-4147"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request."
"name": "https://access.redhat.com/security/cve/CVE-2022-4147"
}
]
}
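Review bot: The new `"cweId": "CWE-1026"` in the problemtype entry appears to name a CWE view (the OWASP Top Ten 2017 grouping, if I read the catalogue correctly) rather than a weakness, so tooling that maps `cweId` to a weakness class gets no usable classification for this CORS origin-check flaw. A weakness-level identifier would serve triage better, for example `"cweId": "CWE-346"` (Origin Validation Error), subject to confirmation by the assigner. Promoting the free-text value into a machine-readable field makes the imprecise mapping more visible to automated consumers than it was before.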


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4269",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-833",
"cweId": "CWE-833"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Since upstream commit 53592b3 (v4.10-rc1)"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-833"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/",
"url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition."
"name": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
"value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "use-after-free"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "xorg-x11-server-1.20.4"
}
]
}
@ -58,6 +53,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4283",
"refsource": "MISC",
@ -82,39 +82,6 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
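Review bot: The hunk counts (`-21,8 +21,7`, `-32,20 +31,16`, `-82,39 +82,6`) indicate that this sync shrinks the CVE-2022-4283 record rather than enriching it. The `impact`/`cvss` block with the 7.8 CVSS 3.1 vector, `"cweId": "CWE-416"`, the two RHSA errata references and the Red Hat fixed-version entries all seem to exist only on the old side. If that reading is right, downstream consumers lose severity scoring and fix-version data for a privilege-escalation and remote-code-execution issue, and the vendor becomes `"n/a"`. One of the two description strings also contains a doubled period ("requests.."), which suggests an older copy may be overwriting a corrected one. It is worth confirming that the synchronizer is not replaying a stale source over a richer record.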


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4379",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Linux kernel through v6.1-rc8"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/oss-sec/2022/q4/185",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2022/q4/185",
"url": "https://seclists.org/oss-sec/2022/q4/185"
"name": "https://seclists.org/oss-sec/2022/q4/185"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-f4f9182dc8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-3fd7349f60",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/"
}
]
}
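Review bot: The `description` value for CVE-2022-4379 ends mid-sentence at "conduct a remote denial", and moving the block to the top of the record carries that truncation over unchanged, so readers and feeds still cannot tell what the impact is. The sentence should be completed from the assigner's advisory before the record is republished. In the references hunk the entries with `"refsource": "FEDORA"` and advisory names such as `FEDORA-2023-f4f9182dc8` appear to be replaced by `"refsource": "MISC"` entries whose `name` is just the URL. If so, the Fedora advisory IDs that patch-tracking tools may key on are no longer present in the record.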