"-Synchronized-Data."

CVE Team 2022-12-23 16:00:38 +00:00
parent a58b3f53bd
commit 0f8830b1d8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 690 additions and 6 deletions


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0009/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0009/"
}
]
},


@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-46784",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0007/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"
}
]
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0002/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0002/"
}
]
},


@ -1,18 +1,139 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-38757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CVE-2022-38757 ZENworks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZENworks Configuration Management (ZCM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "ZENworks 2020",
"version_value": "Update 3a"
}
]
}
},
{
"product_name": "ZENworks Asset Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "ZENworks 2020",
"version_value": "Update 3a"
}
]
}
},
{
"product_name": "ZENworks Endpoint Security Management (ZESM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "ZENworks 2020",
"version_value": "Update 3a"
}
]
}
},
{
"product_name": "ZENworks Patch Management (ZPM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "ZENworks 2020",
"version_value": "Update 3a"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000012895?language=en_US",
"name": "https://portal.microfocus.com/s/article/KM000012895?language=en_US"
},
{
"refsource": "MISC",
"url": "https://kmviewer.saas.microfocus.com/#/PH_206719",
"name": "https://kmviewer.saas.microfocus.com/#/PH_206719"
},
{
"refsource": "MISC",
"url": "https://kmviewer.saas.microfocus.com/#/PH_206720",
"name": "https://kmviewer.saas.microfocus.com/#/PH_206720"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of ZENworks:\n\n https://kmviewer.saas.microfocus.com/#/PH_206719 (ZENworks 2020 Update 2)\n https://kmviewer.saas.microfocus.com/#/PH_206720 (ZENworks 2020 Update 3a and ZENworks 2020 Update 3)"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
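Review bot: The `version_data` entries for all four ZENworks products put free text under a comparison operator (`"version_affected": "<="` with `"version_value": "Update 3a"`), which a scanner cannot order against "Update 2" or "Update 3". The `solution` field in this same record names ZENworks 2020 Update 2, Update 3 and Update 3a as the releases with fixes, so listing each as its own entry, e.g. `{"version_affected": "=", "version_name": "ZENworks 2020", "version_value": "Update 3"}`, would make them matchable by exact string. Whether releases older than Update 2 are also affected is not visible here; the description's "and prior versions" suggests so, and the range entry would still be needed for that part.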


@ -58,6 +58,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-4387579e67",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0006/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0006/"
}
]
},


@ -71,6 +71,11 @@
"url": "https://vuldb.com/?id.211045",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211045"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0003/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0001/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0001/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-4bc60c32a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0004/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0004/"
}
]
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-47938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNNECT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"url": "https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e"
}
]
}
}
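Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in this new record, so the affected component and fixed version appear only in the free-text description ("ksmbd in the Linux kernel before 5.19.2"), and tooling that matches on structured fields will not tie this entry to Linux kernel assets. Filling them in, e.g. `"vendor_name": "Linux"`, `"product_name": "Linux kernel"`, `"version_affected": "<"` with `"version_value": "5.19.2"`, and `"value": "CWE-125 Out-of-bounds Read"` for the problem type, would fix that. The same `n/a` placeholders are in the new records for CVE-2022-47939, CVE-2022-47940, CVE-2022-47941 and CVE-2022-47942 further down. The description also misspells the command as `SMB2_TREE_CONNNECT`; it should read `SMB2_TREE_CONNECT`.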


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-47939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"url": "https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-47940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ksmbd in the Linux kernel before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18"
},
{
"url": "https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-47941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"url": "https://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917"
}
]
}
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-47942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"url": "https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7"
}
]
}
}


@ -0,0 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4697",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wp_user_cover_default_image_url\u2019 parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "collizo4sky",
"product": {
"product_data": [
{
"product_name": "Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content \u2013 ProfilePress",
"version": {
"version_data": [
{
"version_value": "*",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail="
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}
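Review bot: The structured version data, `"version_value": "*"` with `"version_affected": "="`, marks every release of the plugin as affected, while the description limits the issue to "versions up to, and including, 4.5.0". Consumers that read `version_data` rather than the prose would keep flagging sites after they upgrade past 4.5.0. Suggest `"version_value": "4.5.0"` with `"version_affected": "<="`, the operator already used by the ZENworks record in this commit. The new record for CVE-2022-4698 in the next file carries the same pair and needs the same change.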


@ -0,0 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4698",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "collizo4sky",
"product": {
"product_data": [
{
"product_name": "Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content \u2013 ProfilePress",
"version": {
"version_data": [
{
"version_value": "*",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9dcec-f769-4c55-93d0-c2aa45a4fa16",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9dcec-f769-4c55-93d0-c2aa45a4fa16"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2838522%40wp-user-avatar%2Ftrunk&old=2837217%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Ivan Kuzymchak"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}