changed CWE for various CVEs since the originally chosen CVEs are not

in the 1003 view NIST uses
2025-05-06 02:32:02 +00:00 · 2022-10-13 13:56:22 +02:00 · 2022-10-13 13:56:22 +02:00 · 0406d461e5
commit 0406d461e5
parent fdb3a55f44
11 changed files with 26 additions and 26 deletions
--- a/2018/17xxx/CVE-2018-17954.json
+++ b/2018/17xxx/CVE-2018-17954.json
@ -92,7 +92,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
+                "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
            }
        ]
    },
@ -121,7 +121,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-272: Least Privilege Violation"
+                        "value": "CWE-269: Improper Privilege Management"
                    }
                ]
            }
@ -143,4 +143,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2018/17xxx/CVE-2018-17956.json
+++ b/2018/17xxx/CVE-2018-17956.json
@ -69,7 +69,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-214"
+                        "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                ]
            }
@ -91,4 +91,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2019/18xxx/CVE-2019-18899.json
+++ b/2019/18xxx/CVE-2019-18899.json
@ -73,7 +73,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-250: Execution with Unnecessary Privileges"
+                        "value": "CWE-269: Improper Privilege Management"
                    }
                ]
            }
@ -105,4 +105,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2019/18xxx/CVE-2019-18906.json
+++ b/2019/18xxx/CVE-2019-18906.json
@ -56,7 +56,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4."
+                "value": "A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4."
            }
        ]
    },
@ -85,7 +85,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-836: Use of Password Hash Instead of Password for Authentication"
+                        "value": "CWE-287: Improper Authentication"
                    }
                ]
            }
@ -107,4 +107,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/8xxx/CVE-2020-8016.json
+++ b/2020/8xxx/CVE-2020-8016.json
@ -116,7 +116,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-363: Race Condition Enabling Link Following"
+                        "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
                    }
                ]
            }
@ -143,4 +143,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/8xxx/CVE-2020-8017.json
+++ b/2020/8xxx/CVE-2020-8017.json
@ -116,7 +116,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-363: Race Condition Enabling Link Following"
+                        "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
                    }
                ]
            }
@ -143,4 +143,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2021/31xxx/CVE-2021-31997.json
+++ b/2021/31xxx/CVE-2021-31997.json
@ -56,7 +56,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
+                "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
            }
        ]
    },
@ -85,7 +85,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+                        "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
                    }
                ]
            }
@ -107,4 +107,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2021/32xxx/CVE-2021-32000.json
+++ b/2021/32xxx/CVE-2021-32000.json
@ -104,7 +104,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+                        "value": "Improper Link Resolution Before File Access ('Link Following')"
                    }
                ]
            }
@ -126,4 +126,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2021/36xxx/CVE-2021-36778.json
+++ b/2021/36xxx/CVE-2021-36778.json
@ -56,7 +56,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3."
+                "value": "A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3."
            }
        ]
    },
@ -85,7 +85,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+                        "value": "CWE-863: Incorrect Authorization"
                    }
                ]
            }
@ -107,4 +107,4 @@
        ],
        "discovery": "EXTERNAL"
    }
-}
+}
--- a/2022/21xxx/CVE-2022-21944.json
+++ b/2022/21xxx/CVE-2022-21944.json
@ -85,7 +85,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+                        "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
                    }
                ]
            }
@ -107,4 +107,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2022/31xxx/CVE-2022-31250.json
+++ b/2022/31xxx/CVE-2022-31250.json
@ -73,7 +73,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+                        "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
                    }
                ]
            }
@ -95,4 +95,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}