admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-19 00:00:32 +00:00
parent eea48ea651
commit 1ebfd90e73
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 928 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2022/30xxx/CVE-2022-30256.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-30256",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-30256",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for \"Ghost\" domain names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://maradns.samiam.org/",
"refsource": "MISC",
"name": "https://maradns.samiam.org/"
},
{
"refsource": "MISC",
"name": "https://maradns.samiam.org/security.html#CVE-2022-30256",
"url": "https://maradns.samiam.org/security.html#CVE-2022-30256"
} }
] ]
} }

64
2022/31xxx/CVE-2022-31606.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31606", "ID": "CVE-2022-31606",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31607.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31607", "ID": "CVE-2022-31607",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31608.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31608", "ID": "CVE-2022-31608",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281 Improper Preservation of Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce, Workstation, Compute",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31610.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31610", "ID": "CVE-2022-31610",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31612.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31612", "ID": "CVE-2022-31612",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.1",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31613.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31613", "ID": "CVE-2022-31613",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.1",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31615.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31615", "ID": "CVE-2022-31615",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "5.5",
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GeForce, Workstation, Compute",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31616.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31616", "ID": "CVE-2022-31616",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/31xxx/CVE-2022-31617.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-31617", "ID": "CVE-2022-31617",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

64
2022/34xxx/CVE-2022-34665.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-34665", "ID": "CVE-2022-34665",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)",
"version": {
"version_data": [
{
"version_value": "All versions prior to the August 2022 release"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

4
2022/34xxx/CVE-2022-34666.json
View File

@ -29,7 +29,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE 476 NULL Pointer Dereference" "value": "CWE-476 NULL Pointer Dereference"
} }
] ]
} }
@ -51,7 +51,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "product_name": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)",
"version": { "version": {
"version_data": [ "version_data": [
{ {

64
2022/34xxx/CVE-2022-34667.json
View File

@ -1,18 +1,70 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2022-34667", "ID": "CVE-2022-34667",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC"
"STATE": "RESERVED"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user."
} }
] ]
},
"impact": {
"cvss": {
"baseScore": "4.4",
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5373",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5373"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA CUDA Toolkit",
"version": {
"version_data": [
{
"version_value": "All versions prior to 11.8"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
} }
} }

99
2022/41xxx/CVE-2022-41155.json
View File

@ -1,18 +1,105 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-28T15:33:00.000Z",
"ID": "CVE-2022-41155", "ID": "CVE-2022-41155",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iQ Block Country (WordPress)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.18",
"version_value": "1.2.18"
}
]
}
}
]
},
"vendor_name": "Pascal"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Brandon Roldan (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/iq-block-country/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/iq-block-country/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/iq-block-country/wordpress-iq-block-country-plugin-1-2-18-block-bypass-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/iq-block-country/wordpress-iq-block-country-plugin-1-2-18-block-bypass-vulnerability?_s_id=cve"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.2.19 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

99
2022/41xxx/CVE-2022-41609.json
View File

@ -1,18 +1,105 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-10-21T13:49:00.000Z",
"ID": "CVE-2022-41609", "ID": "CVE-2022-41609",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Messages (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.9.10.68",
"version_value": "1.9.10.68"
}
]
}
}
]
},
"vendor_name": "WordPlus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Dhakal Ananda (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/bp-better-messages/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/bp-better-messages/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-10-68-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-10-68-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.9.10.69 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

50
2022/4xxx/CVE-2022-4055.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-4055", "ID": "CVE-2022-4055",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xdg-utils",
"version": {
"version_data": [
{
"version_value": "xdg-utils 1.1.0 to and including 1.1.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-146"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267",
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."
} }
] ]
} }