From 17d277484adbf7414c632b7c5509ad27f5c8dba1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 26 Aug 2022 16:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/20xxx/CVE-2021-20260.json | 55 +++++++++++++++++++++--
 2021/35xxx/CVE-2021-35939.json | 70 +++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3414.json | 55 +++++++++++++++++++++--
 2021/3xxx/CVE-2021-3427.json | 55 +++++++++++++++++++++--
 2021/3xxx/CVE-2021-3563.json | 65 +++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3574.json | 60 +++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3585.json | 70 +++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3627.json | 4 +-
 2021/3xxx/CVE-2021-3632.json | 70 +++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3644.json | 75 +++++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3651.json | 4 +-
 2021/3xxx/CVE-2021-3669.json | 65 +++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3688.json | 55 +++++++++++++++++++++--
 2021/3xxx/CVE-2021-3691.json | 4 +-
 2021/3xxx/CVE-2021-3703.json | 55 +++++++++++++++++++++--
 2021/3xxx/CVE-2021-3735.json | 60 +++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3754.json | 55 +++++++++++++++++++++--
 2021/3xxx/CVE-2021-3856.json | 70 +++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3859.json | 70 +++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3864.json | 80 ++++++++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3913.json | 4 +-
 2021/4xxx/CVE-2021-4215.json | 4 +-
 2021/4xxx/CVE-2021-4216.json | 55 +++++++++++++++++++++--
 2022/25xxx/CVE-2022-25625.json | 50 +++++++++++++++++++--
 2022/34xxx/CVE-2022-34169.json | 30 +++++++++++++
 2022/34xxx/CVE-2022-34255.json | 8 ++--
 2022/35xxx/CVE-2022-35692.json | 2 +-
 27 files changed, 1178 insertions(+), 72 deletions(-)
diff --git a/2021/20xxx/CVE-2021-20260.json b/2021/20xxx/CVE-2021-20260.json
index 0bfaa618e15..cc3924d02d4 100644
--- a/2021/20xxx/CVE-2021-20260.json
+++ b/2021/20xxx/CVE-2021-20260.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20260",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "foreman",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not-Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932181",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932181"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-20260",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-20260"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35939.json b/2021/35xxx/CVE-2021-35939.json
index 6cbf24a810d..573db3919c1 100644
--- a/2021/35xxx/CVE-2021-35939.json
+++ b/2021/35xxx/CVE-2021-35939.json
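Review bot: In the CVE-2021-20260 record the new `affects` block gives `"version_value": "Not-Known"` under `"vendor_name": "n/a"`, so a scanner matching on vendor, product and version cannot tell which foreman releases are exposed. The same unknown-version sentinel is spelled three ways in this commit: `Not-Known` here and in CVE-2021-3427 and CVE-2021-3754, `Not-known` in CVE-2021-3563, and `Not Known` in CVE-2021-3669 and CVE-2021-3735. I would use one spelling throughout, for example `"version_value": "n/a"` to match the vendor field, until the CNA can supply a real range. The closing sentence of the description also claims integrity and availability impact while the problem type is CWE-200; that looks like template text and is worth confirming.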
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-35939",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RPM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in RPM-v4.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-59 - Improper Link Resolution Before File Access ('Link Following')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://rpm.org/wiki/Releases/4.18.0",
+ "url": "https://rpm.org/wiki/Releases/4.18.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rpm-software-management/rpm/pull/1919",
+ "url": "https://github.com/rpm-software-management/rpm/pull/1919"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556",
+ "url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-35939",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-35939"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3414.json b/2021/3xxx/CVE-2021-3414.json
index 13bc71e6e1e..9a2a7de1b9a 100644
--- a/2021/3xxx/CVE-2021-3414.json
+++ b/2021/3xxx/CVE-2021-3414.json
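Review bot: `version_value` in the CVE-2021-35939 hunk holds the prose `Fixed in RPM-v4.18`, which names the first fixed release rather than an affected version, so consumers that compare the field against an installed version get no match. CVE JSON 4.0 has `version_affected` for this; something like `"version_affected": "<", "version_value": "4.18"` would express the same fact in a parseable form (exact bound to be confirmed against the linked 4.18.0 release notes). The same pattern appears in CVE-2021-3574, CVE-2021-3585, CVE-2021-3632, CVE-2021-3644, CVE-2021-3688, CVE-2021-3703 and CVE-2021-3856. CVE-2021-3574 also packs two fixed versions into one string, which would need two `version_data` entries.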
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3414",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "satellite",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Satellite v6.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-281 - Improper Preservation of Permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3414",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3414"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3427.json b/2021/3xxx/CVE-2021-3427.json
index f7a0b8e2d62..d9a3f5352c0 100644
--- a/2021/3xxx/CVE-2021-3427.json
+++ b/2021/3xxx/CVE-2021-3427.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3427",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Deluge-web",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not-Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://dev.deluge-torrent.org/ticket/3459",
+ "url": "https://dev.deluge-torrent.org/ticket/3459"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg",
+ "url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3563.json b/2021/3xxx/CVE-2021-3563.json
index 5b4028b7800..1b69ac07b09 100644
--- a/2021/3xxx/CVE-2021-3563.json
+++ b/2021/3xxx/CVE-2021-3563.json
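Review bot: The new description in CVE-2021-3427 has a doubled word, `The the data from torrent files`, and writes `Javascript` for `JavaScript`. This text is copied verbatim into downstream feeds, so I would correct it to `The data from torrent files is not properly sanitised ...` before publication. The record also carries no fixed or affected version (`Not-Known`), so readers have to follow the two references to find one.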
@@ -4,14 +4,73 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3563",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keystone",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not-known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863 - Incorrect Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ossa/+bug/1901891",
+ "url": "https://bugs.launchpad.net/ossa/+bug/1901891"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3563",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3563"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2021-3563",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2021-3563"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3574.json b/2021/3xxx/CVE-2021-3574.json
index e1c590a4706..7c111c7b7ac 100644
--- a/2021/3xxx/CVE-2021-3574.json
+++ b/2021/3xxx/CVE-2021-3574.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3574",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in ImageMagick-7.0.11-8, ImageMagick-6.9.12-8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-401 - Missing Release of Memory after Effective Lifetime"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/3540",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/3540"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792",
+ "url": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3585.json b/2021/3xxx/CVE-2021-3585.json
index 3162864d099..63112e37105 100644
--- a/2021/3xxx/CVE-2021-3585.json
+++ b/2021/3xxx/CVE-2021-3585.json 
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3585",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openstack/tripleo-heat-templates.",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in openstack-tripleo-heat-templates-8.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/tripleo/+bug/1931132",
+ "url": "https://bugs.launchpad.net/tripleo/+bug/1931132"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988",
+ "url": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3585",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3585"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in openstack-tripleo-heat-templates. 
Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3627.json b/2021/3xxx/CVE-2021-3627.json
index 4378752f8f2..eab5aafe8ee 100644
--- a/2021/3xxx/CVE-2021-3627.json
+++ b/2021/3xxx/CVE-2021-3627.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-3627",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3632.json b/2021/3xxx/CVE-2021-3632.json
index 1e7fd9dc981..8913c63086b 100644
--- a/2021/3xxx/CVE-2021-3632.json
+++ b/2021/3xxx/CVE-2021-3632.json
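Review bot: `product_name` in the CVE-2021-3585 hunk is `openstack/tripleo-heat-templates.` with a trailing full stop, and it differs from the `openstack-tripleo-heat-templates` spelling used in `version_value` and in the description. Product strings are matched literally by most consumers, so the stray character will keep this record from lining up with inventory data. I would drop the period, `"product_name": "openstack/tripleo-heat-templates"`, or use the hyphenated package name consistently across the three fields.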
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3632",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in v15.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 - Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://issues.redhat.com/browse/KEYCLOAK-18500",
+ "url": "https://issues.redhat.com/browse/KEYCLOAK-18500"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3632",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3632"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/pull/8203",
+ "url": "https://github.com/keycloak/keycloak/pull/8203"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4",
+ "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Keycloak. 
This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3644.json b/2021/3xxx/CVE-2021-3644.json
index a3536ca60d0..0996b662f7e 100644
--- a/2021/3xxx/CVE-2021-3644.json
+++ b/2021/3xxx/CVE-2021-3644.json
@@ -4,14 +4,83 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3644",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "wildfly-core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 16.0.1.Final, 17.0.0.Final and later."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3644",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3644"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://issues.redhat.com/browse/WFCORE-5511",
+ "url": "https://issues.redhat.com/browse/WFCORE-5511"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/wildfly/wildfly-core/pull/4668",
+ "url": "https://github.com/wildfly/wildfly-core/pull/4668"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b",
+ "url": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714",
+ "url": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when 
announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3651.json b/2021/3xxx/CVE-2021-3651.json
index 098d46846df..0f668d099ba 100644
--- a/2021/3xxx/CVE-2021-3651.json
+++ b/2021/3xxx/CVE-2021-3651.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-3651",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3669.json b/2021/3xxx/CVE-2021-3669.json
index 5964a404a4d..74fcd2fb20f 100644
--- a/2021/3xxx/CVE-2021-3669.json
+++ b/2021/3xxx/CVE-2021-3669.json
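Review bot: The CVE-2021-3644 description says the flaw exists in wildfly-core `in all versions`, while `version_value` in the same record says `Fixed in 16.0.1.Final, 17.0.0.Final and later.`; the two statements contradict each other. CVE-2021-3688 has the same conflict (`in all versions` against `Fixed in jbcs-httpd-2.4.37.SP10 GA`). I would reword both descriptions to something like `in versions prior to the fixed releases`, or name the bound explicitly, so that a reader of the description alone does not conclude that no fix exists.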
@@ -4,14 +4,73 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3669",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400 - Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980619",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980619"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3669",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3669"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2021-3669",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2021-3669"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3688.json b/2021/3xxx/CVE-2021-3688.json
index 94c5504884d..a508d958874 100644
--- a/2021/3xxx/CVE-2021-3688.json
+++ b/2021/3xxx/CVE-2021-3688.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3688",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat JBCS HTTP Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in jbcs-httpd-2.4.37.SP10 GA"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3688",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3688"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3691.json b/2021/3xxx/CVE-2021-3691.json
index 430e6171eba..d29fc54a8d2 100644
--- a/2021/3xxx/CVE-2021-3691.json
+++ b/2021/3xxx/CVE-2021-3691.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-3691",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3703.json b/2021/3xxx/CVE-2021-3703.json
index 99080314e84..044bb122c5d 100644
--- a/2021/3xxx/CVE-2021-3703.json
+++ b/2021/3xxx/CVE-2021-3703.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3703",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Serverless",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in Serverless 1.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NA"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3703",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3703"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3735.json b/2021/3xxx/CVE-2021-3735.json
index cd891b0831a..37700919a5c 100644
--- a/2021/3xxx/CVE-2021-3735.json
+++ b/2021/3xxx/CVE-2021-3735.json
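Review bot: `problemtype` in the CVE-2021-3703 hunk is the bare string `NA`, whereas the other published records in this commit carry a `CWE-nnn - name` value and the commit already uses `n/a` as its not-applicable marker for `vendor_name`. If no CWE fits, `"value": "n/a"` keeps the marker consistent for consumers that filter on it. The description indicates that this ID tracks an advisory error rather than a new code flaw, which appears to mean Serverless 1.16.0 was still affected by the three listed CVEs; saying that directly would help readers who stopped at 1.16.0 on the strength of the earlier advisory.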
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3735",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QEMU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-667 - Improper Locking -> CWE-400 - Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3735",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3735"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2021-3735",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2021-3735"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
 }
 ]
 }
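Review bot: The `problemtype` value in the CVE-2021-3735 hunk chains two weaknesses in one string, `CWE-667 - Improper Locking -> CWE-400 - Uncontrolled Resource Consumption`. Tools that extract a CWE id from this field generally expect one id per entry, so they are likely to record only the first or fail to parse the value. I would split it into two `description` entries, `{ "lang": "eng", "value": "CWE-667 - Improper Locking" }` and `{ "lang": "eng", "value": "CWE-400 - Uncontrolled Resource Consumption" }`.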
diff --git a/2021/3xxx/CVE-2021-3754.json b/2021/3xxx/CVE-2021-3754.json
index 63db6fd3a0c..07ebf9f1f92 100644
--- a/2021/3xxx/CVE-2021-3754.json
+++ b/2021/3xxx/CVE-2021-3754.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3754",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not-Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 - Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3754",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3754"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3856.json b/2021/3xxx/CVE-2021-3856.json
index ec8913ec155..db1a01be9d3 100644
--- a/2021/3xxx/CVE-2021-3856.json
+++ b/2021/3xxx/CVE-2021-3856.json
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3856",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 15.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552 - Files or Directories Accessible to External Parties"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://issues.redhat.com/browse/KEYCLOAK-19422",
+ "url": "https://issues.redhat.com/browse/KEYCLOAK-19422"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/pull/8588",
+ "url": "https://github.com/keycloak/keycloak/pull/8588"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743",
+ "url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3856",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3856"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3859.json b/2021/3xxx/CVE-2021-3859.json
index 8e289655548..4619acf32be 100644
--- a/2021/3xxx/CVE-2021-3859.json
+++ b/2021/3xxx/CVE-2021-3859.json
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3859",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "undertow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 2.2.15.Final"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-214 - Invocation of Process Using Visible Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://issues.redhat.com/browse/UNDERTOW-1979",
+ "url": "https://issues.redhat.com/browse/UNDERTOW-1979"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/undertow-io/undertow/pull/1296",
+ "url": "https://github.com/undertow-io/undertow/pull/1296"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2",
+ "url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3859",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3859"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3864.json b/2021/3xxx/CVE-2021-3864.json
index fd6cdee3abc..a3c74aaf054 100644
--- a/2021/3xxx/CVE-2021-3864.json
+++ b/2021/3xxx/CVE-2021-3864.json
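Review bot: In CVE-2021-3859.json the `problemtype` value `"CWE-214 - Invocation of Process Using Visible Sensitive Information"` does not match the description added in the same hunk, which reports a tripped client-side invocation timeout over HTTP2 leading to denial of service. CWE-214 is an information-exposure class, so consumers that triage by CWE would file this record under confidentiality rather than availability. The assigner should confirm which side is accurate; if the description is, an availability class such as `"CWE-400 - Uncontrolled Resource Consumption"` looks closer, though the page does not show enough to settle it.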
@@ -4,14 +4,88 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3864",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not Known"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 - Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2021/10/20/2",
+ "url": "https://www.openwall.com/lists/oss-security/2021/10/20/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2015046",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015046"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3864",
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3864"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com/",
+ "url": "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com/",
+ "url": "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/",
+ "url": "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2021-3864",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2021-3864"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3913.json b/2021/3xxx/CVE-2021-3913.json
index 006e12a1c67..91292c47d09 100644
--- a/2021/3xxx/CVE-2021-3913.json
+++ b/2021/3xxx/CVE-2021-3913.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-3913",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/4xxx/CVE-2021-4215.json b/2021/4xxx/CVE-2021-4215.json
index 6e3ccb4eb01..4496e2268a5 100644
--- a/2021/4xxx/CVE-2021-4215.json
+++ b/2021/4xxx/CVE-2021-4215.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-4215",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/4xxx/CVE-2021-4216.json b/2021/4xxx/CVE-2021-4216.json
index f787c5fc93a..8dbff726b1a 100644
--- a/2021/4xxx/CVE-2021-4216.json
+++ b/2021/4xxx/CVE-2021-4216.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-4216",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mupdf",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in v1.20.0-rc1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 - Divide By Zero"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.ghostscript.com/show_bug.cgi?id=704834",
+ "url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf",
+ "url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25625.json b/2022/25xxx/CVE-2022-25625.json
index c3d80ce11e0..3f2fefe44a7 100644
--- a/2022/25xxx/CVE-2022-25625.json
+++ b/2022/25xxx/CVE-2022-25625.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-25625",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Symantec Privileged Access Management (PAM)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/20850",
+ "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/20850"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A malicious unauthorized PAM user can access the administration configuration data and change the values."
 }
 ]
 }
diff --git a/2022/34xxx/CVE-2022-34169.json b/2022/34xxx/CVE-2022-34169.json
index 73792aaa68b..bc353de141a 100644
--- a/2022/34xxx/CVE-2022-34169.json
+++ b/2022/34xxx/CVE-2022-34169.json
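Review bot: The `problemtype` value in CVE-2022-25625.json is the bare phrase `"Privilege escalation"` with no CWE identifier, unlike the `CWE-<id> - <name>` form used by the Red Hat records in this commit, so CWE-based filtering and triage will not classify this entry. The description (an unauthorized PAM user reading and changing administration configuration data) reads like an authorization weakness, but the CWE should come from the CNA rather than be guessed from this page. `vendor_name` is also `"n/a"` even though `product_name` itself names the vendor; presumably `"vendor_name": "Symantec"` is intended, to be confirmed against the Broadcom advisory that is referenced.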
@@ -121,6 +121,36 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-19b6f21746",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-ae563934f7",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-e573851f56",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-d26586b419",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-80afe2304a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-b76ab52e73",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
+ "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
 }
 ]
 },
diff --git a/2022/34xxx/CVE-2022-34255.json b/2022/34xxx/CVE-2022-34255.json
index 0d53542d11d..d926e75ef96 100644
--- a/2022/34xxx/CVE-2022-34255.json
+++ b/2022/34xxx/CVE-2022-34255.json
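Review bot: The last reference added to CVE-2022-34169.json uses a plain `http://` URL for packetstormsecurity.com, while every other reference in the hunk is `https://`. Anyone following the link from an advisory feed fetches it without transport integrity. Suggest `"url": "https://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"` with `name` changed to match, after confirming the host serves the same path over TLS. The `reference_data` array begins outside the hunk.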
@@ -57,15 +57,15 @@
 "cvss": {
 "attackComplexity": "Low",
 "attackVector": "Network",
- "availabilityImpact": "High",
- "baseScore": 8.8,
+ "availabilityImpact": "Low",
+ "baseScore": 8.3,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "Low",
 "scope": "Unchanged",
 "userInteraction": "None",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
 "version": "3.1"
 }
 },
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Access Control (CWE-284)"
+ "value": "Incorrect Authorization (CWE-863)"
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35692.json b/2022/35xxx/CVE-2022-35692.json
index a48e5d6884c..c52e541f028 100644
--- a/2022/35xxx/CVE-2022-35692.json
+++ b/2022/35xxx/CVE-2022-35692.json
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Access Control (CWE-284)"
+ "value": "Incorrect Authorization (CWE-863)"
 }
 ]
 }
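Review bot: In the first hunk of CVE-2022-34255.json the rewritten `vectorString` still carries the `CVSS:3.0/` prefix while the unchanged `"version"` field on the next line says `"3.1"`, so a consumer that takes the version from the vector and one that reads the field will disagree. The new `baseScore` of 8.3 is consistent with the new vector (A:L), so only the version label is in question. Use either `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"` or `"version": "3.0"`, whichever the CNA actually scored with. The object enclosing `cvss` begins outside the hunk.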