From 0e82a8fc6d443899a9019561c82841d9eb7cce5c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 27 Apr 2022 03:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23942.json | 5 +++ 2022/27xxx/CVE-2022-27331.json | 56 +++++++++++++++++++++++++++---- 2022/27xxx/CVE-2022-27332.json | 56 +++++++++++++++++++++++++++---- 2022/28xxx/CVE-2022-28085.json | 61 ++++++++++++++++++++++++++++++---- 2022/29xxx/CVE-2022-29700.json | 56 +++++++++++++++++++++++++++---- 2022/29xxx/CVE-2022-29701.json | 56 +++++++++++++++++++++++++++---- 6 files changed, 260 insertions(+), 30 deletions(-) diff --git a/2022/23xxx/CVE-2022-23942.json b/2022/23xxx/CVE-2022-23942.json index 6ed0fcc4f09..3ae8cf5bd21 100644 --- a/2022/23xxx/CVE-2022-23942.json +++ b/2022/23xxx/CVE-2022-23942.json @@ -77,6 +77,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220426 CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization", "url": "http://www.openwall.com/lists/oss-security/2022/04/26/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220426 [morningman@....com: CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization]", + "url": "http://www.openwall.com/lists/oss-security/2022/04/26/3" } ] }, diff --git a/2022/27xxx/CVE-2022-27331.json b/2022/27xxx/CVE-2022-27331.json index a6bbc1aab4a..27e9fee7d87 100644 --- a/2022/27xxx/CVE-2022-27331.json +++ b/2022/27xxx/CVE-2022-27331.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27331", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27331", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zammad.com/de/advisories/zaa-2022-02", + "refsource": "MISC", + "name": "https://zammad.com/de/advisories/zaa-2022-02" } ] } diff --git a/2022/27xxx/CVE-2022-27332.json b/2022/27xxx/CVE-2022-27332.json index 954cf18d05c..491cc236a67 100644 --- a/2022/27xxx/CVE-2022-27332.json +++ b/2022/27xxx/CVE-2022-27332.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-27332", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-27332", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zammad.com/en/advisories/zaa-2022-01", + "refsource": "MISC", + "name": "https://zammad.com/en/advisories/zaa-2022-01" } ] } diff --git a/2022/28xxx/CVE-2022-28085.json b/2022/28xxx/CVE-2022-28085.json index 1c21547dc89..8f6e8446c5f 100644 --- a/2022/28xxx/CVE-2022-28085.json +++ b/2022/28xxx/CVE-2022-28085.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28085", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28085", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/michaelrsweet/htmldoc/issues/480", + "refsource": "MISC", + "name": "https://github.com/michaelrsweet/htmldoc/issues/480" + }, + { + "url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348", + "refsource": "MISC", + "name": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348" } ] } diff --git a/2022/29xxx/CVE-2022-29700.json b/2022/29xxx/CVE-2022-29700.json index dd5ccc00c7d..f000b18979b 100644 --- a/2022/29xxx/CVE-2022-29700.json +++ b/2022/29xxx/CVE-2022-29700.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29700", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29700", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zammad.com/en/advisories/zaa-2022-03", + "refsource": "MISC", + "name": "https://zammad.com/en/advisories/zaa-2022-03" } ] } diff --git a/2022/29xxx/CVE-2022-29701.json b/2022/29xxx/CVE-2022-29701.json index 10097baeb00..f2fbd763152 100644 --- a/2022/29xxx/CVE-2022-29701.json +++ b/2022/29xxx/CVE-2022-29701.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29701", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29701", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zammad.com/en/advisories/zaa-2022-04", + "refsource": "MISC", + "name": "https://zammad.com/en/advisories/zaa-2022-04" } ] }