"-Synchronized-Data."

CVE Team 2022-09-28 20:00:37 +00:00
parent b6fc74e69a
commit 01c2511896
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 372 additions and 36 deletions


@ -84,6 +84,16 @@
"name": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/",
"refsource": "CONFIRM",
"url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/"
},
{
"refsource": "MISC",
"name": "https://www.velneo.com/blog/nueva-revision-velneo-29-2",
"url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
},
{
"refsource": "MISC",
"name": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados",
"url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GraphicsMagick",
"version": {
"version_data": [
{
"version_value": "GraphicsMagick-1.4.020220326"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/graphicsmagick/bugs/664/",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/664/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In GraphicsMagick, a heap buffer overflow was found when parsing MIFF."
}
]
}
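Review bot: The affected-version entry `"version_value": "GraphicsMagick-1.4.020220326"` has no `version_affected` operator, and the description names no version, so a consumer cannot tell whether only that snapshot or everything up to it is affected. Stating the affected range and the fixed release in the description, and using the project name instead of `"vendor_name": "n/a"`, would make the record easier to match against inventories. The problem type is a bare `"CWE-119"`; adding the CWE title, as the Elastic record on this page does, would make it self-describing. The hunk ends before the file's closing brace, so the rest of the record is not visible here.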


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "bwm-ng 0.6.2"
"version_value": "bwm-ng v0.6.2"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2022-23716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Enterprise",
"version": {
"version_data": [
{
"version_value": "Versions through 3.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"name": "https://www.elastic.co/community/security/"
},
{
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster."
}
]
}
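Review bot: The affected range is stated two ways that disagree: `"version_value": "Versions through 3.1.1"` includes 3.1.1, while the description says "ECE before 3.1.1", which excludes it. The second reference is titled as the 3.1.1 security update, which suggests 3.1.1 is the fixed release; if so, the version entry would be clearer as `"version_affected": "<", "version_value": "3.1.1"`. Because the exposed material is a SAML signing private key written to logs, operators would benefit from the description saying whether the key must be rotated after upgrading; the visible text does not say. The hunk stops before the file's closing brace.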


@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-09-28T08:57:00.000Z",
"ID": "CVE-2022-36781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WiseConnect - ScreenConnect Session Code Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScreenConnect",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "22.7",
"version_value": "22.7"
}
]
}
}
]
},
"vendor_name": "WiseConnect"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gad Abuhatziera \u2013 Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Code Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 22.7."
}
],
"source": {
"defect": [
"ILVN-2022-0052"
],
"discovery": "EXTERNAL"
}
}
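Review bot: `"version_affected": ">"` with `"version_value": "22.7"` marks releases newer than 22.7 as affected, which contradicts the solution text "Update to version 22.7."; the operator was presumably meant to be `"<"`. The last sentence of the description ("Sensitive data about the company , get in a session.") is not a complete sentence and leaves the impact unclear. The vendor appears as "WiseConnect" in `vendor_name`, `TITLE` and the description; this looks like a transposition of ConnectWise and is worth confirming with the CNA, since vendor-name matching would otherwise miss the record. The problem type "Session Code Bypass" carries no CWE identifier.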


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4."
"value": "graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9."
}
]
},
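Review bot: The updated description still reads "graphql-java before19.0" with the space missing, and the fixed-version list now has two conjunctions ("18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9"). Suggested ending: `The fixed versions are 19.0 and later, 18.3, 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.`, with `before 19.0` at the start. The text says "before 19.0" while also listing fixed 17.x and 18.x releases, so the exact affected range is better read from the version data, which lies outside this hunk.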


@ -77,16 +77,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg",
"refsource": "CONFIRM",
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg"
},
{
"name": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061",
"refsource": "MISC",
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061"
},
{
"name": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76",
"refsource": "MISC",
@ -97,6 +87,16 @@
"refsource": "MISC",
"url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0"
},
{
"name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg",
"refsource": "CONFIRM",
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg"
},
{
"name": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061",
"refsource": "MISC",
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061"
},
{
"name": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients",
"refsource": "MISC",


@ -77,11 +77,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c",
"refsource": "CONFIRM",
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c"
},
{
"name": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76",
"refsource": "MISC",
@ -96,6 +91,11 @@
"name": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients",
"refsource": "MISC",
"url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients"
},
{
"name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c",
"refsource": "CONFIRM",
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c"
}
]
},


@ -84,6 +84,11 @@
"name": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b",
"refsource": "MISC",
"url": "https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2022-016",
"url": "https://www.drupal.org/sa-core-2022-016"
}
]
},


@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@forums.swift.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Swift Project",
"product": {
"product_data": [
{
"product_name": "SwiftNIO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2.41.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/apple/swift-nio/security/advisories/GHSA-7fj7-39wj-c64f",
"refsource": "MISC",
"name": "https://github.com/apple/swift-nio/security/advisories/GHSA-7fj7-39wj-c64f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and \"inject\" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace."
}
]
}
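Review bot: The description says the issue "was resolved" but names no fixed release, and the only version data is `"version_affected": "<="` with `"version_value": "2.41.2"`, so a reader must open the advisory to learn which release to upgrade to. The project's own GitHub advisory is tagged `"refsource": "MISC"`, whereas the matrix-js-sdk records on this page tag their GitHub advisories `CONFIRM`; using `CONFIRM` here would be consistent. The hunk ends before the file's closing brace.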


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "fwupd",
"version": {
"version_data": [
{
"version_value": "Fixed in version 1.8.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 | CWE-552"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091",
"url": "https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file."
}
]
}
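Review bot: `"version_value": "Fixed in version 1.8.5"` puts a fix statement in the affected-version field, so tools that match on this value will look for a version literally named that and miss affected installs. A form such as `"version_affected": "<", "version_value": "1.8.5"` expresses the same fact in a matchable way. `"CWE-256 | CWE-552"` packs two weaknesses into one string; two separate `description` entries would let consumers index each. The description could also note that a BMC password already written to /etc/fwupd/redfish.conf should be treated as exposed on multi-user hosts; that is an inference from the text, not something the record states.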


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}