"-Synchronized-Data."

CVE Team 2022-03-10 17:26:41 +00:00
parent ce2f64ed8e
commit 1ba1c0d865
No known key found for this signature in database
GPG Key ID: 08789936A25A004E
92 changed files with 1649 additions and 121 deletions


@ -66,6 +66,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -66,6 +66,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -71,6 +71,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -96,6 +96,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4298-2",
"url": "https://usn.ubuntu.com/4298-2/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-14",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -151,6 +151,11 @@
"refsource": "FULLDISC",
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -101,6 +101,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -151,6 +151,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212147",
"url": "https://support.apple.com/kb/HT212147"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -184,6 +184,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -58,6 +58,11 @@
"url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ",
"refsource": "MISC",
"name": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -71,6 +71,11 @@
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -63,6 +63,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -73,6 +73,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -128,6 +128,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -126,6 +126,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-8b4744f152",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -88,6 +88,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210521-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -88,6 +88,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -93,6 +93,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210805-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210805-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210902-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -93,6 +93,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -88,6 +88,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -88,6 +88,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211022-0003/",
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0002/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211022-0003/",
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -68,6 +68,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -68,6 +68,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-1d24845e93",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220121-0008/",
"url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -78,6 +78,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211029-0003/",
"url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -154,6 +154,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-225/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-226/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-218/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-219/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
}


@ -155,6 +155,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210521-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210521-0006/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -146,6 +146,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-657/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-657/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf",
"url": "https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ericsson Network Manager 20.2 has Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ericsson.com",
"refsource": "MISC",
"name": "https://www.ericsson.com"
},
{
"refsource": "MISC",
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"refsource": "MISC",
"name": "https://www.ericsson.com/en/about-us/enterprise-security/psirt",
"url": "https://www.ericsson.com/en/about-us/enterprise-security/psirt"
}
]
}
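Review bot: The published CVE-2021-28488 record leaves `product_name`, `vendor_name`, `version_value` and the problem type as `"n/a"` even though the new description names the product and version ("Ericsson Network Manager 20.2"), so tooling that matches on the `affects` block will not associate this entry with that product. Filling those fields from the description, for example `"vendor_name": "Ericsson"`, `"product_name": "Network Manager"` and `"version_value": "20.2"`, would make the record usable for automated matching. The first reference, `https://www.ericsson.com`, is a vendor home page rather than an advisory; the PSIRT link already in the list is probably the more useful pointer. The CVE-2021-46408 section later in this commit carries the same `"n/a"` placeholders next to a description that names Tenda AX12 v22.03.01.21.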


@ -56,6 +56,11 @@
"url": "https://www.opendesign.com/security-advisories",
"refsource": "MISC",
"name": "https://www.opendesign.com/security-advisories"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-32501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none."
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-32502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none."
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-32505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none."
}
]
}


@ -102,6 +102,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -102,6 +102,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-982/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-982/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-980/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-980/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -58,6 +58,16 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-984/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-984/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-989/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
}
]
},


@ -102,6 +102,11 @@
"refsource": "DEBIAN",
"name": "DSA-5008",
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -102,6 +102,11 @@
"refsource": "DEBIAN",
"name": "DSA-5008",
"url": "https://www.debian.org/security/2021/dsa-5008"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -89,6 +89,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -83,6 +83,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -83,6 +83,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -191,6 +191,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://c-ares.haxx.se/adv_20210810.html",
"url": "https://c-ares.haxx.se/adv_20210810.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
},


@ -149,6 +149,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}


@ -73,6 +73,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211229-0002/",
"url": "https://security.netapp.com/advisory/ntap-20211229-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"
}
]
},


@ -1,21 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-46388",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT **\nDO NOT USE THIS CANDIDATE NUMBER. \nConsultIDs:\nReason: The issue is not a vulnerability (fails CNT2) - Has no impact on availability, integrity or confidence as only documented html templates are shown without additional data or the option to store changes.\nNotes:"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: The issue is not a vulnerability (fails CNT2) - Has no impact on availability, integrity or confidence as only documented html templates are shown without additional data or the option to store changes. Notes:"
}
]
},
"generator": {
"engine": "CERT@VDE"
}
}
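Review bot: The single-line REJECT text for CVE-2021-46388 reads `ConsultIDs: Reason: ...` and ends in a bare `Notes:`, because the newline-separated fields were joined without filling the empty ones. The other REJECT records in this commit write `ConsultIDs: none.` and `Notes: none.`; using the same form here keeps the value readable and safe for anything that splits on those labels. The phrase "integrity or confidence" presumably means confidentiality and is worth correcting while the string is being rewritten.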


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/2",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/2"
}
]
}
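Review bot: The new description for CVE-2021-46408 says the overflow is reached "via the strcpy parameter", but strcpy is the copying function rather than an input, so the text does not identify which request field is copied without a bound. Naming the affected parameter or endpoint (presumably given in the linked write-up) would let defenders scope a filter or detection rule. The only reference is a third-party repository tagged `MISC`, and the record gives no vendor advisory or fixed firmware version, so a reader cannot tell from it whether a fix exists.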


@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-02-10T11:00:00.000Z",
"ID": "CVE-2022-0507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Vulnerability: Authenticated SQL Injection in API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v759",
"version_value": "v759"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in version v760"
}
],
"source": {
"defect": [
"Ticket#4839"
],
"discovery": "EXTERNAL"
}
}
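Review bot: The version range for CVE-2022-0507 is encoded as `"version_affected": "<"` with `"version_value": "v759"`, which excludes v759, while the description says versions "up to OUM 759" are affected and the solution says the fix is in v760. If v759 is vulnerable the operator should be `"version_affected": "<="`, otherwise scanners that read this block will treat v759 as patched. Separately, the vector uses `AV:L` and `UI:R` for what the title calls an authenticated SQL injection in the API; that may be deliberate given the "authenticated IP" wording, but it is worth confirming with the CNA.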


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
},


@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-03-08T08:00:00.000Z",
"ID": "CVE-2022-0813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PhpMyAdmin exposure of sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpMyAdmin ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.1.1",
"version_value": "5.1.1"
}
]
}
}
]
},
"vendor_name": "phpMyAdmin "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rafael Pedrero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information"
},
{
"name": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This vulnerability has been solved by the phpMyAdmin team in the 5.1.3 version."
}
],
"source": {
"defect": [
"INCIBE-2022-0636"
],
"discovery": "EXTERNAL"
}
}
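Review bot: `product_name` and `vendor_name` in the new `affects` block both end in a trailing space (`"phpMyAdmin "`), so consumers that match vendor or product strings exactly will not tie this record to phpMyAdmin. I would write `"product_name": "phpMyAdmin"` and `"vendor_name": "phpMyAdmin"`. The same trailing space appears in `"product_name": "IPCOMM ipDIO "` in the three ICSA-22-062-01 records further down (CVE-2022-21146, CVE-2022-22985, CVE-2022-24915). Separately, `version_data` stops at `<= 5.1.1` while the solution names 5.1.3, so whether 5.1.2 is affected should be confirmed against the vendor advisory before anyone treats it as fixed.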


@ -0,0 +1,118 @@
{
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-0903",
"STATE": "PUBLIC",
"TITLE": "Stack overflow in SAML login in Mattermost"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.3",
"version_value": "6.3.3"
},
{
"version_affected": "<",
"version_name": "6.2",
"version_value": "6.2.3"
},
{
"version_affected": "<",
"version_name": "6.1",
"version_value": "6.1.3"
},
{
"version_affected": "<",
"version_name": "5.37",
"version_value": "5.37.8"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Call stack overflow / goroutine stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/",
"name": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update the Mattermost version to v6.3.3, 6.2.3, 6.1.3, or 5.37.8, depending on the minor version being run"
}
],
"source": {
"advisory": "MMSA-2022-0087",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41263"
],
"discovery": "UNKNOWN"
}
}
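Review bot: The `impact.cvss` block contradicts the description. The text describes a server crash from a crafted POST body, but `vectorString` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`, which means low confidentiality impact and no availability impact. For a denial of service I would expect `availabilityImpact` to be other than `NONE` and `confidentialityImpact` to be `NONE`; the assigner should re-derive the metrics, `baseScore` and `baseSeverity` together, since triage tools that sort on the vector will otherwise misclassify this as an information leak. `problemtype` is also free text with no CWE identifier, which keeps the record out of CWE-based filters; CWE-674 (Uncontrolled Recursion) looks like a candidate if the overflow is recursion-driven, but that needs confirming with the vendor.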


@ -0,0 +1,118 @@
{
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-0904",
"STATE": "PUBLIC",
"TITLE": "Stack overflow in document extractor in Mattermost"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.3",
"version_value": "6.3.3"
},
{
"version_affected": "<",
"version_name": "6.2",
"version_value": "6.2.3"
},
{
"version_affected": "<",
"version_name": "6.1",
"version_value": "6.1.3"
},
{
"version_affected": "<",
"version_name": "5.37",
"version_value": "5.37.8"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Call stack overflow / goroutine stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/",
"name": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update the Mattermost version to v6.3.3, 6.2.3, 6.1.3, or 5.37.8, depending on the minor version being run\n"
}
],
"source": {
"advisory": "MMSA-2022-0086",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41334"
],
"discovery": "INTERNAL"
}
}
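Review bot: `source.discovery` is `"INTERNAL"`, yet the `credit` entry thanks an outside researcher under the responsible disclosure policy; the sibling record CVE-2022-0903 carries the same credit with `"discovery": "UNKNOWN"`. If the credit is accurate, both records should read `"discovery": "EXTERNAL"`. The `solution` value here also ends in a literal `\n` that the CVE-2022-0903 text does not have, and it should be trimmed so the two advisories render identically. As in CVE-2022-0903, `problemtype` has no CWE identifier.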


@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-03T18:40:00.000Z",
"ID": "CVE-2022-21146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-062-01 IPCOMM ipDIO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCOMM ipDIO ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.9",
"version_value": "3.9"
}
]
}
}
]
},
"vendor_name": "IPCOMM"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21Sec reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "IPCOMM recommends upgrading to its ip4Cloud device, which is the successor to ipDIO. Contact IPCOMM customer support for assistance with the upgrade. For more information, visit the IPCOMM ip4Cloud product page."
}
],
"source": {
"advisory": "ICSA-22-062-01",
"discovery": "EXTERNAL"
}
}
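Review bot: The `solution` text tells operators to "visit the IPCOMM ip4Cloud product page", but the record carries no URL for it; `reference_data` holds only the CISA advisory link. Someone reading this record on its own has no way to reach the vendor remediation, so I would add a vendor entry to `reference_data` (the URL has to come from the advisory, as it is not on this page). The same gap is in the other two ICSA-22-062-01 records, CVE-2022-22985 and CVE-2022-24915. Note also that the only remediation offered is replacing the device, so the record would benefit from restating whatever interim mitigations the CISA advisory lists.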


@ -78,6 +78,11 @@
"name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials",
"refsource": "CONFIRM",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
}
]
},


@ -307,6 +307,11 @@
"name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials",
"refsource": "CONFIRM",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
]
},


@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-03T18:40:00.000Z",
"ID": "CVE-2022-22985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-062-01 IPCOMM ipDIO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCOMM ipDIO ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.9",
"version_value": "3.9"
}
]
}
}
]
},
"vendor_name": "IPCOMM"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21Sec reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "IPCOMM recommends upgrading to its ip4Cloud device, which is the successor to ipDIO. Contact IPCOMM customer support for assistance with the upgrade. For more information, visit the IPCOMM ip4Cloud product page."
}
],
"source": {
"advisory": "ICSA-22-062-01",
"discovery": "EXTERNAL"
}
}
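Review bot: `problemtype` is `CWE-94 Improper Control of Generation of Code ('Code Injection')`, but the description reads as stored cross-site scripting: injected content is interpreted when a legitimate user opens the web section. That is the behaviour CVE-2022-21146 classifies as `CWE-79 Cross-site Scripting (XSS)`, with the same "review history" trigger. If the injected code runs in the user's browser and not on the device, CWE-79 is the better fit here and in CVE-2022-24915, which has the same CWE-94 entry. The description also does not say how this record differs from CVE-2022-21146 (different parameter, privilege level or impact), even though the scores differ (8.8 here, 6.3 there), so a sentence naming the distinguishing factor would help anyone deduplicating findings.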


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-24285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.acer.com/en/kb/articles/14761",
"refsource": "MISC",
"name": "https://community.acer.com/en/kb/articles/14761"
}
]
}
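Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, although the description names the product and the fixed version ("Acer Care Center 4.00.30xx before 4.00.3042") and the weakness class (local privilege escalation over a named pipe the service does not authenticate). Tools that match on the structured `affects` fields will not associate this record with any installed software until it is enriched downstream. Populating the fields from the description, for example `"vendor_name": "Acer"`, `"product_name": "Care Center"` and a `version_value` bounded at 4.00.3042, would close that gap. The same all-`n/a` pattern is in the later records for CVE-2022-24995, CVE-2022-25368 and CVE-2022-25546 through CVE-2022-25550.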


@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-03-03T18:40:00.000Z",
"ID": "CVE-2022-24915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-062-01 IPCOMM ipDIO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCOMM ipDIO ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.9",
"version_value": "3.9"
}
]
}
}
]
},
"vendor_name": "IPCOMM"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21Sec reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "IPCOMM recommends upgrading to its ip4Cloud device, which is the successor to ipDIO. Contact IPCOMM customer support for assistance with the upgrade. For more information, visit the IPCOMM ip4Cloud product page."
}
],
"source": {
"advisory": "ICSA-22-062-01",
"discovery": "EXTERNAL"
}
}


@ -64,7 +64,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can create a link with reflected Javascript code inside it for services page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
"value": "An authenticated user can create a link with reflected Javascript code inside it for services\u2019 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
}
]
},
@ -102,8 +102,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20680"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20680",
"name": "https://support.zabbix.com/browse/ZBX-20680"
}
]
},
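Review bot: In the `reference_data` hunk, `refsource` for `https://support.zabbix.com/browse/ZBX-20680` changes from `"CONFIRM"` to `"MISC"`, even though the URL is the vendor's own issue tracker. Consumers that use `CONFIRM` to decide whether a vendor has acknowledged an issue lose that signal; unless the sync tooling only permits `MISC` here, I would keep `"refsource": "CONFIRM"` and add only the `name` field. The description hunk also turns "services page" into `services\u2019 page`, a typographic apostrophe that changes nothing in meaning and adds a non-ASCII escape to the text. Both changes repeat in the next two Zabbix sections (the "items" and "graphs" page records).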


@ -64,7 +64,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can create a link with reflected Javascript code inside it for items page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
"value": "An authenticated user can create a link with reflected Javascript code inside it for items\u2019 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
}
]
},
@ -102,8 +102,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20680"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20680",
"name": "https://support.zabbix.com/browse/ZBX-20680"
}
]
},


@ -72,7 +72,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can create a link with reflected Javascript code inside it for graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.\nMalicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
"value": "An authenticated user can create a link with reflected Javascript code inside it for graphs\u2019 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks."
}
]
},
@ -110,8 +110,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-20680"
"refsource": "MISC",
"url": "https://support.zabbix.com/browse/ZBX-20680",
"name": "https://support.zabbix.com/browse/ZBX-20680"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24995",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-24995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25368",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html",
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"refsource": "CONFIRM",
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"refsource": "MISC",
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
}
]
}
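Review bot: The description is a generic explanation of Spectre BHB and never says which vendor's processors this record covers. The first reference is an Ampere bulletin, and the record links to CVE-2022-23960 for the same technique, so the scope is presumably Ampere parts, but a reader cannot tell that from the description or from the all-`n/a` `affects` block. I would name the affected vendor and product line in the description and in `vendor_name`/`product_name`, and state that the Arm-side issue is tracked as CVE-2022-23960. The link to the cve.mitre.org page for CVE-2022-23960 is also tagged `"refsource": "CONFIRM"`; a pointer to another CVE record is not a vendor confirmation, so `"MISC"` fits better.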


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/6",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/6"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/1",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/1"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/5",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/5"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/4",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/4"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/9",
"refsource": "MISC",
"name": "https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX1806/9"
}
]
}


@ -1,17 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26143",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
},
{
"refsource": "MISC",
"name": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector",
"url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
},
{
"refsource": "MISC",
"name": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/",
"url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
},
{
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=30614073",
"url": "https://news.ycombinator.com/item?id=30614073"
},
{
"refsource": "MISC",
"name": "https://blog.cloudflare.com/cve-2022-26143/",
"url": "https://blog.cloudflare.com/cve-2022-26143/"
},
{
"refsource": "MISC",
"name": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/",
"url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
},
{
"refsource": "MISC",
"name": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/",
"url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
}
]
}
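Review bot: The Mitel advisory in `reference_data` is tagged `"refsource": "MISC"` like the six third-party write-ups, so a consumer cannot tell the vendor's own advisory from news coverage. If the feed's convention is to tag vendor advisories as confirmation, that entry should read `"refsource": "CONFIRM"`. The news.ycombinator.com entry is a discussion thread rather than a source and adds little next to the Akamai, Shadowserver, Cloudflare and Team Cymru analyses; I would drop it or keep it last.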