diff --git a/2022/0xxx/CVE-2022-0084.json b/2022/0xxx/CVE-2022-0084.json index 4bf3d7589c7..535c6e2faa1 100644 --- a/2022/0xxx/CVE-2022-0084.json +++ b/2022/0xxx/CVE-2022-0084.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xnio", + "version": { + "version_data": [ + { + "version_value": "Fixed in v3.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 - Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0084", + "url": "https://access.redhat.com/security/cve/CVE-2022-0084" + }, + { + "refsource": "MISC", + "name": "https://github.com/xnio/xnio/pull/291", + "url": "https://github.com/xnio/xnio/pull/291" + }, + { + "refsource": "MISC", + "name": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12", + "url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up." } ] } diff --git a/2022/0xxx/CVE-2022-0168.json b/2022/0xxx/CVE-2022-0168.json index f33c88fbbde..efdb2e1e673 100644 --- a/2022/0xxx/CVE-2022-0168.json +++ b/2022/0xxx/CVE-2022-0168.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Affects v5.4\u20135.12, v5.13-rc+HEAD" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 - NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0168", + "url": "https://access.redhat.com/security/cve/CVE-2022-0168" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service (DOS) issue was found in the Linux kernel\u2019s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system." } ] } diff --git a/2022/0xxx/CVE-2022-0171.json b/2022/0xxx/CVE-2022-0171.json index 220df979311..3b4f4d2f817 100644 --- a/2022/0xxx/CVE-2022-0171.json +++ b/2022/0xxx/CVE-2022-0171.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel 5.18-rc4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-459 - Incomplete Cleanup." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0171", + "url": "https://access.redhat.com/security/cve/CVE-2022-0171" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV)." } ] } diff --git a/2022/0xxx/CVE-2022-0175.json b/2022/0xxx/CVE-2022-0175.json index ca4ad0ac830..b6237229c6e 100644 --- a/2022/0xxx/CVE-2022-0175.json +++ b/2022/0xxx/CVE-2022-0175.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "virglrenderer", + "version": { + "version_data": [ + { + "version_value": "Affects v0.9.0 and later." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-909 - Missing Initialization of Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654", + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654" + }, + { + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c", + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003" + }, + { + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2022-0175", + "url": "https://security-tracker.debian.org/tracker/CVE-2022-0175" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0175", + "url": "https://access.redhat.com/security/cve/CVE-2022-0175" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure." } ] } diff --git a/2022/0xxx/CVE-2022-0207.json b/2022/0xxx/CVE-2022-0207.json index da79238010a..1909a232b5a 100644 --- a/2022/0xxx/CVE-2022-0207.json +++ b/2022/0xxx/CVE-2022-0207.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "vdsm", + "version": { + "version_data": [ + { + "version_value": "Fixed in v4.50.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248" + }, + { + "refsource": "MISC", + "name": "https://gerrit.ovirt.org/c/vdsm/+/118025", + "url": "https://gerrit.ovirt.org/c/vdsm/+/118025" + }, + { + "refsource": "MISC", + "name": "https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=53b0036fc72d3b8877d4e7f047d705e5a4c722e8", + "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=53b0036fc72d3b8877d4e7f047d705e5a4c722e8" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0207", + "url": "https://access.redhat.com/security/cve/CVE-2022-0207" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text." } ] } diff --git a/2022/0xxx/CVE-2022-0216.json b/2022/0xxx/CVE-2022-0216.json index ec7bc2f2c80..637b8762a4c 100644 --- a/2022/0xxx/CVE-2022-0216.json +++ b/2022/0xxx/CVE-2022-0216.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "Affects QEMU < v6.0.0, Fixed in v7.1.0-rc0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 - Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://starlabs.sg/advisories/22/22-0216/", + "url": "https://starlabs.sg/advisories/22/22-0216/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/qemu-project/qemu/-/issues/972", + "url": "https://gitlab.com/qemu-project/qemu/-/issues/972" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4", + "url": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-0216", + "url": "https://access.redhat.com/security/cve/CVE-2022-0216" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service." } ] } diff --git a/2022/0xxx/CVE-2022-0217.json b/2022/0xxx/CVE-2022-0217.json index 01dece0ed73..95afdd66c48 100644 --- a/2022/0xxx/CVE-2022-0217.json +++ b/2022/0xxx/CVE-2022-0217.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "prosody", + "version": { + "version_data": [ + { + "version_value": "Fixed in prosody 0.11.12, Affects all versions with support for WebSockets." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), CWE-20 - Improper Input Validation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2040639", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040639" + }, + { + "refsource": "MISC", + "name": "https://prosody.im/security/advisory_20220113/", + "url": "https://prosody.im/security/advisory_20220113/" + }, + { + "refsource": "MISC", + "name": "https://prosody.im/security/advisory_20220113/1.patch", + "url": "https://prosody.im/security/advisory_20220113/1.patch" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611)." } ] } diff --git a/2022/0xxx/CVE-2022-0225.json b/2022/0xxx/CVE-2022-0225.json index 715c19b892f..1f17a6119bf 100644 --- a/2022/0xxx/CVE-2022-0225.json +++ b/2022/0xxx/CVE-2022-0225.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "Not-Known" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" + }, + { + "refsource": "MISC", + "name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", + "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack." } ] } diff --git a/2022/31xxx/CVE-2022-31773.json b/2022/31xxx/CVE-2022-31773.json index f2fa338e604..ba619623d68 100644 --- a/2022/31xxx/CVE-2022-31773.json +++ b/2022/31xxx/CVE-2022-31773.json @@ -1,105 +1,105 @@ { - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6615307 (DataPower Gateway)", - "url" : "https://www.ibm.com/support/pages/node/6615307", - "name" : "https://www.ibm.com/support/pages/node/6615307" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/228357", - "name" : "ibm-datapower-cve202231773-csrf (228357)" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "2018.4.1.0" - }, - { - "version_value" : "10.0.1.0" - }, - { - "version_value" : "10.0.2.0" - }, - { - "version_value" : "10.0.4.0" - }, - { - "version_value" : "2018.4.1.21" - }, - { - "version_value" : "10.0.1.8" - } - ] - }, - "product_name" : "DataPower Gateway" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2022-31773", - "DATE_PUBLIC" : "2022-08-25T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "C" : "H", - "SCORE" : "8.800", - "A" : "H", - "S" : "U", - "UI" : "R", - "I" : "H", - "AC" : "L", - "PR" : "N", - "AV" : "N" - } - } - } -} + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6615307 (DataPower Gateway)", + "url": "https://www.ibm.com/support/pages/node/6615307", + "name": "https://www.ibm.com/support/pages/node/6615307" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228357", + "name": "ibm-datapower-cve202231773-csrf (228357)" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2018.4.1.0" + }, + { + "version_value": "10.0.1.0" + }, + { + "version_value": "10.0.2.0" + }, + { + "version_value": "10.0.4.0" + }, + { + "version_value": "2018.4.1.21" + }, + { + "version_value": "10.0.1.8" + } + ] + }, + "product_name": "DataPower Gateway" + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2022-31773", + "DATE_PUBLIC": "2022-08-25T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "C": "H", + "SCORE": "8.800", + "A": "H", + "S": "U", + "UI": "R", + "I": "H", + "AC": "L", + "PR": "N", + "AV": "N" + } + } + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34301.json b/2022/34xxx/CVE-2022-34301.json index c4dbdd952ef..1d52427748a 100644 --- a/2022/34xxx/CVE-2022-34301.json +++ b/2022/34xxx/CVE-2022-34301.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34301", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34301", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot", + "refsource": "MISC", + "name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot" + }, + { + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/309662", + "url": "https://www.kb.cert.org/vuls/id/309662" } ] } diff --git a/2022/34xxx/CVE-2022-34302.json b/2022/34xxx/CVE-2022-34302.json index 5dfdaa235a1..c7d39727b46 100644 --- a/2022/34xxx/CVE-2022-34302.json +++ b/2022/34xxx/CVE-2022-34302.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34302", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34302", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot", + "refsource": "MISC", + "name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot" + }, + { + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/309662", + "url": "https://www.kb.cert.org/vuls/id/309662" } ] } diff --git a/2022/34xxx/CVE-2022-34303.json b/2022/34xxx/CVE-2022-34303.json index 84ab0c6ddfc..48be95e850f 100644 --- a/2022/34xxx/CVE-2022-34303.json +++ b/2022/34xxx/CVE-2022-34303.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34303", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34303", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot", + "refsource": "MISC", + "name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot" + }, + { + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/309662", + "url": "https://www.kb.cert.org/vuls/id/309662" } ] } diff --git a/2022/35xxx/CVE-2022-35714.json b/2022/35xxx/CVE-2022-35714.json index 11d2e86d9bf..f53fcc43a13 100644 --- a/2022/35xxx/CVE-2022-35714.json +++ b/2022/35xxx/CVE-2022-35714.json @@ -1,93 +1,93 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6.1.1" - }, - { - "version_value" : "7.6.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116." } - ] - } - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6.1.1" + }, + { + "version_value": "7.6.1.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6615273", - "title" : "IBM Security Bulletin 6615273 (Maximo Asset Management)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6615273" - }, - { - "name" : "ibm-maximo-cve202235714-xss (231116)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2022-35714", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-08-25T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "C" : "L", - "SCORE" : "5.400", - "A" : "N", - "UI" : "R", - "S" : "C", - "AV" : "N", - "PR" : "L", - "I" : "L", - "AC" : "L" - } - } - }, - "data_format" : "MITRE" -} + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6615273", + "title": "IBM Security Bulletin 6615273 (Maximo Asset Management)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6615273" + }, + { + "name": "ibm-maximo-cve202235714-xss (231116)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2022-35714", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-08-25T00:00:00" + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + }, + "BM": { + "C": "L", + "SCORE": "5.400", + "A": "N", + "UI": "R", + "S": "C", + "AV": "N", + "PR": "L", + "I": "L", + "AC": "L" + } + } + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36522.json b/2022/36xxx/CVE-2022-36522.json index 607171d500e..5ce7fb45472 100644 --- a/2022/36xxx/CVE-2022-36522.json +++ b/2022/36xxx/CVE-2022-36522.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://seclists.org/fulldisclosure/2021/Jul/0", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2021/Jul/0" } ] } diff --git a/2022/38xxx/CVE-2022-38784.json b/2022/38xxx/CVE-2022-38784.json new file mode 100644 index 00000000000..196fd7d8571 --- /dev/null +++ b/2022/38xxx/CVE-2022-38784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file