From 19a9cc2e96e1f064d74967e493755f401f0e6682 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 18 Aug 2022 19:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/27xxx/CVE-2020-27787.json | 55 ++++++++++++++++++++++++++--
 2020/27xxx/CVE-2020-27790.json | 55 ++++++++++++++++++++++++++--
 2022/2xxx/CVE-2022-2143.json | 5 +++
 2022/2xxx/CVE-2022-2625.json | 60 +++++++++++++++++++++++++++++--
 2022/35xxx/CVE-2022-35204.json | 66 ++++++++++++++++++++++++++++++----
 2022/36xxx/CVE-2022-36788.json | 18 ++++++++++
 2022/37xxx/CVE-2022-37422.json | 61 +++++++++++++++++++++++++++----
 2022/38xxx/CVE-2022-38072.json | 18 ++++++++++
 8 files changed, 317 insertions(+), 21 deletions(-)
 create mode 100644 2022/36xxx/CVE-2022-36788.json
 create mode 100644 2022/38xxx/CVE-2022-38072.json
diff --git a/2020/27xxx/CVE-2020-27787.json b/2020/27xxx/CVE-2020-27787.json
index 2797ec25337..907f58d8f55 100644
--- a/2020/27xxx/CVE-2020-27787.json
+++ b/2020/27xxx/CVE-2020-27787.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27787",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "upx",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in v3.96."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/issues/333",
+ "url": "https://github.com/upx/upx/issues/333"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d",
+ "url": "https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27790.json b/2020/27xxx/CVE-2020-27790.json
index d2f731b483f..72045ffa41e 100644
--- a/2020/27xxx/CVE-2020-27790.json
+++ b/2020/27xxx/CVE-2020-27790.json
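Review bot: In CVE-2020-27787.json the `version_value` is `"Fixed in v3.96."`, which names the fixed release instead of the affected ones, so tooling that matches on this field cannot tell which UPX builds are in scope; assuming the fix first shipped in 3.96 as the string implies, `"version_value": "before 3.96"` would be matchable. The CVE-2020-27790.json hunk carries the same string and needs the same change. `vendor_name` is `"n/a"` although the product is named `upx`. The description has a typo (`Segmentaation`) and says the attacker "allows" the invalid access; a cleaner wording is `"A segmentation fault was found in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp. A crafted input file can cause an invalid memory address access that could lead to a denial of service."`.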
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27790",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "upx",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in v3.96."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 - Divide By Zero"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/issues/331",
+ "url": "https://github.com/upx/upx/issues/331"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
+ "url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability."
 }
 ]
 }
diff --git a/2022/2xxx/CVE-2022-2143.json b/2022/2xxx/CVE-2022-2143.json
index 831efb1a968..e3289e23cef 100644
--- a/2022/2xxx/CVE-2022-2143.json
+++ b/2022/2xxx/CVE-2022-2143.json
@@ -85,6 +85,11 @@
 "refsource": "MISC",
 "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03",
 "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html"
 }
 ]
 },
diff --git a/2022/2xxx/CVE-2022-2625.json b/2022/2xxx/CVE-2022-2625.json
index 026057a8c29..4ac7462f621 100644
--- a/2022/2xxx/CVE-2022-2625.json
+++ b/2022/2xxx/CVE-2022-2625.json
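Review bot: The added Packet Storm reference in CVE-2022-2143.json uses a plain `http://` URL in both `name` and `url`, while the CISA reference just above it is `https://`; if the site serves the same path over TLS, `"url": "https://packetstormsecurity.com/files/168108/Advantech-iView-NetworkServlet-Command-Injection.html"` (and the matching `name`) avoids sending advisory readers over an unauthenticated channel. The link also indicates that a public write-up for the command injection now exists, which `"refsource": "MISC"` does not convey, so consumers that prioritise patching on exploit availability will not pick it up from this record alone. The enclosing `reference_data` array starts outside the hunk.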
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-2625",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PostgreSQL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PostgreSQL 10 - 14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Object Modification"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2022-2625",
+ "url": "https://access.redhat.com/security/cve/CVE-2022-2625"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2113825",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113825"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/",
+ "url": "https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability found in postgresql. On this security issue an attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension in that schema, and ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS.
Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there's no need to modify individual extensions."
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35204.json b/2022/35xxx/CVE-2022-35204.json
index f19c50b6bb3..d761db82efd 100644
--- a/2022/35xxx/CVE-2022-35204.json
+++ b/2022/35xxx/CVE-2022-35204.json
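Review bot: In CVE-2022-2625.json the `problemtype` value is the free-text `"Object Modification"`, whereas the two UPX records in this commit carry CWE identifiers (`CWE-119`, `CWE-369`), so CWE-based triage will not classify this entry; the assigner should replace it with the CWE it considers applicable. The `version_value` `"PostgreSQL 10 - 14"` lists major versions only, and the fixed minor releases appear to be recoverable only from the slug of the postgresql.org reference; stating them in the field, in the form `"version_value": "10 before 10.22, 11 before 11.17, 12 before 12.12, 13 before 13.8, 14 before 14.5"` once confirmed against the release announcement, lets a defender check whether an install is patched. The description opens with `A vulnerability found in postgresql. On this security issue an attack requires`, which reads better as `A vulnerability was found in PostgreSQL. An attack requires`.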
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-35204",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-35204",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/vitejs/vite/issues/8498",
+ "refsource": "MISC",
+ "name": "https://github.com/vitejs/vite/issues/8498"
+ },
+ {
+ "url": "https://github.com/vitejs/vite/releases/tag/v2.9.13",
+ "refsource": "MISC",
+ "name": "https://github.com/vitejs/vite/releases/tag/v2.9.13"
+ },
+ {
+ "url": "https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4",
+ "refsource": "MISC",
+ "name": "https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4"
 }
 ]
 }
diff --git a/2022/36xxx/CVE-2022-36788.json b/2022/36xxx/CVE-2022-36788.json
new file mode 100644
index 00000000000..c73170df158
--- /dev/null
+++ b/2022/36xxx/CVE-2022-36788.json
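Review bot: In CVE-2022-35204.json every field under `affects` and the `problemtype` value are `"n/a"`, although the description itself names the product and fixed version (`Vitejs Vite before v2.9.13`) and the weakness (directory traversal), so tooling that matches on the structured fields will not tie this record to Vite; the CVE-2022-37422.json hunk (Payara through 5.2022.2) has the same gap. Filling them from the description, e.g. `"product_name": "Vite"`, `"version_value": "before 2.9.13"` and `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`, would close it. The reference to the `v3.0.0-beta.4` release suggests that 3.0.0 pre-releases before beta.4 may also be affected, which the description does not state; that is worth confirming against the linked upstream issue. Moving `data_type`, `data_format` and `data_version` below `affects` is harmless, since JSON key order carries no meaning.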
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-36788",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/37xxx/CVE-2022-37422.json b/2022/37xxx/CVE-2022-37422.json
index b4aa31767d9..902824996a2 100644
--- a/2022/37xxx/CVE-2022-37422.json
+++ b/2022/37xxx/CVE-2022-37422.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-37422",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-37422",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.payara.fish/downloads/",
+ "refsource": "MISC",
+ "name": "https://www.payara.fish/downloads/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.payara.fish/august-community-5-release",
+ "url": "https://blog.payara.fish/august-community-5-release"
 }
 ]
 }
diff --git a/2022/38xxx/CVE-2022-38072.json b/2022/38xxx/CVE-2022-38072.json
new file mode 100644
index 00000000000..7ed9158dcbf
--- /dev/null
+++ b/2022/38xxx/CVE-2022-38072.json
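Review bot: Neither reference added to CVE-2022-37422.json identifies the flaw or its fix: `https://www.payara.fish/downloads/` is a generic downloads page whose content will change over time, and the blog link is a release announcement. The description says `through 5.2022.2` but no field names the first fixed release, so a defender cannot confirm from this record that a given upgrade closes the unauthenticated directory traversal. Adding the vendor advisory or the release-notes entry for the fixing version as a reference, and stating that version in the description, would make the record actionable. The two `reference_data` entries also order their keys differently (`url`/`refsource`/`name` against `refsource`/`name`/`url`), which is harmless to parsers but worth normalising.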
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-38072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file