diff --git a/2018/17xxx/CVE-2018-17954.json b/2018/17xxx/CVE-2018-17954.json
index 5b9bc388c7f..a95fc5c3c43 100644
--- a/2018/17xxx/CVE-2018-17954.json
+++ b/2018/17xxx/CVE-2018-17954.json
@@ -92,7 +92,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
+ "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
 }
 ]
 },
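Review bot: The rewritten description in CVE-2018-17954.json lost its noun when the weakness name was swapped: `An Improper Privilege Management in crowbar of …` should read `An Improper Privilege Management vulnerability in crowbar of …`. The same substitution leaves the wrong article in the description hunks of CVE-2019-18906.json (`A Improper Authentication vulnerability`) and CVE-2021-36778.json (`A Incorrect Authorization vulnerability`), which both need `An`. While this line is being touched, the carried-over phrase `to cause become root` and the truncated package names (`crowbar-.`, `ardana-.`) in the affected-versions list are worth repairing too, since readers rely on that list to decide whether a node is affected. The enclosing object starts outside the hunk.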
@@ -121,7 +121,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-272: Least Privilege Violation"
+ "value": "CWE-269: Improper Privilege Management"
 }
 ]
 }
@@ -143,4 +143,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2018/17xxx/CVE-2018-17956.json b/2018/17xxx/CVE-2018-17956.json
index c979017d5c1..10f58eb5151 100644
--- a/2018/17xxx/CVE-2018-17956.json
+++ b/2018/17xxx/CVE-2018-17956.json
@@ -69,7 +69,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-214"
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
 }
 ]
 }
@@ -91,4 +91,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2019/18xxx/CVE-2019-18899.json b/2019/18xxx/CVE-2019-18899.json
index b7f4abd002d..df6f1c713bb 100644
--- a/2019/18xxx/CVE-2019-18899.json
+++ b/2019/18xxx/CVE-2019-18899.json
@@ -73,7 +73,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-250: Execution with Unnecessary Privileges"
+ "value": "CWE-269: Improper Privilege Management"
 }
 ]
 }
@@ -105,4 +105,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2019/18xxx/CVE-2019-18906.json b/2019/18xxx/CVE-2019-18906.json
index 195c5e5a6f9..d28d180eeef 100644
--- a/2019/18xxx/CVE-2019-18906.json
+++ b/2019/18xxx/CVE-2019-18906.json
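Review bot: The problem-type hunk of CVE-2018-17954.json (`CWE-272` to `CWE-269`) replaces a specific weakness with a broader category, so the machine-readable field no longer carries the detail a triager would filter on. The same pattern appears in the hunks for CVE-2018-17956 (`CWE-214` to `CWE-200`), CVE-2019-18899 (`CWE-250` to `CWE-269`), CVE-2019-18906 (`CWE-836` to `CWE-287`), CVE-2020-8016 and CVE-2020-8017 (`CWE-363` to `CWE-367`), and in the `CWE-61` to `CWE-59` changes. If the aim is to conform to a simplified mapping view (an assumption, as no rationale is visible here), consider keeping the original ID as a second element of the `description` array instead of dropping it, e.g. `{ "lang": "eng", "value": "CWE-272: Least Privilege Violation" }` after the new entry. The enclosing object starts outside the hunk, so confirm that consumers of these records accept two entries.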
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4."
+ "value": "A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4."
 }
 ]
 },
@@ -85,7 +85,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-836: Use of Password Hash Instead of Password for Authentication"
+ "value": "CWE-287: Improper Authentication"
 }
 ]
 }
@@ -107,4 +107,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2020/8xxx/CVE-2020-8016.json b/2020/8xxx/CVE-2020-8016.json
index 5f19f1ce4de..7bd9469ba36 100644
--- a/2020/8xxx/CVE-2020-8016.json
+++ b/2020/8xxx/CVE-2020-8016.json
@@ -116,7 +116,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-363: Race Condition Enabling Link Following"
+ "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
 }
 ]
 }
@@ -143,4 +143,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2020/8xxx/CVE-2020-8017.json b/2020/8xxx/CVE-2020-8017.json
index a8c821d456c..22d90dcbbdd 100644
--- a/2020/8xxx/CVE-2020-8017.json
+++ b/2020/8xxx/CVE-2020-8017.json
@@ -116,7 +116,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-363: Race Condition Enabling Link Following"
+ "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
 }
 ]
 }
@@ -143,4 +143,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/31xxx/CVE-2021-31997.json b/2021/31xxx/CVE-2021-31997.json
index e13fbbb3379..ca5bb30b4c3 100644
--- a/2021/31xxx/CVE-2021-31997.json
+++ b/2021/31xxx/CVE-2021-31997.json
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
+ "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
 }
 ]
 },
@@ -85,7 +85,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+ "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
 }
 ]
 }
@@ -107,4 +107,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/32xxx/CVE-2021-32000.json b/2021/32xxx/CVE-2021-32000.json
index a7358e181e3..d86a9edad92 100644
--- a/2021/32xxx/CVE-2021-32000.json
+++ b/2021/32xxx/CVE-2021-32000.json
@@ -104,7 +104,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+ "value": "Improper Link Resolution Before File Access ('Link Following')"
 }
 ]
 }
@@ -126,4 +126,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/36xxx/CVE-2021-36778.json b/2021/36xxx/CVE-2021-36778.json
index 93d01cd20e5..bd0736f2373 100644
--- a/2021/36xxx/CVE-2021-36778.json
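Review bot: The replacement value in the CVE-2021-32000.json problem-type hunk drops the CWE identifier: `"value": "Improper Link Resolution Before File Access ('Link Following')"` has no `CWE-59:` prefix, unlike the otherwise identical changes in CVE-2021-31997.json, CVE-2022-21944.json and CVE-2022-31250.json. Tooling that extracts the ID from this string will likely find nothing for this record, whereas the old value at least yielded `CWE-61`. It should read `"value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"`. The enclosing object starts outside the hunk.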
+++ b/2021/36xxx/CVE-2021-36778.json
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3."
+ "value": "A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3."
 }
 ]
 },
@@ -85,7 +85,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+ "value": "CWE-863: Incorrect Authorization"
 }
 ]
 }
@@ -107,4 +107,4 @@
 ],
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2022/21xxx/CVE-2022-21944.json b/2022/21xxx/CVE-2022-21944.json
index 59c2fac42a4..41cadc5171f 100644
--- a/2022/21xxx/CVE-2022-21944.json
+++ b/2022/21xxx/CVE-2022-21944.json
@@ -85,7 +85,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+ "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
 }
 ]
 }
@@ -107,4 +107,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2022/31xxx/CVE-2022-31250.json b/2022/31xxx/CVE-2022-31250.json
index 2972dea788c..aaf23c75514 100644
--- a/2022/31xxx/CVE-2022-31250.json
+++ b/2022/31xxx/CVE-2022-31250.json
@@ -73,7 +73,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
+ "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
 }
 ]
 }
@@ -95,4 +95,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
\ No newline at end of file
+}