From 2301a75033022f15c59176c4408dadccacd30131 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 22 Jul 2022 04:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20892.json | 4 ++-- 2022/20xxx/CVE-2022-20893.json | 4 ++-- 2022/20xxx/CVE-2022-20894.json | 4 ++-- 2022/20xxx/CVE-2022-20895.json | 4 ++-- 2022/20xxx/CVE-2022-20896.json | 4 ++-- 2022/20xxx/CVE-2022-20897.json | 4 ++-- 2022/20xxx/CVE-2022-20898.json | 4 ++-- 2022/20xxx/CVE-2022-20899.json | 4 ++-- 2022/20xxx/CVE-2022-20900.json | 4 ++-- 2022/20xxx/CVE-2022-20901.json | 4 ++-- 2022/20xxx/CVE-2022-20902.json | 4 ++-- 2022/20xxx/CVE-2022-20903.json | 4 ++-- 2022/20xxx/CVE-2022-20904.json | 4 ++-- 2022/20xxx/CVE-2022-20906.json | 4 ++-- 2022/20xxx/CVE-2022-20907.json | 4 ++-- 2022/20xxx/CVE-2022-20908.json | 4 ++-- 2022/20xxx/CVE-2022-20909.json | 4 ++-- 2022/20xxx/CVE-2022-20910.json | 4 ++-- 2022/20xxx/CVE-2022-20911.json | 4 ++-- 2022/20xxx/CVE-2022-20912.json | 4 ++-- 2022/20xxx/CVE-2022-20913.json | 4 ++-- 2022/20xxx/CVE-2022-20916.json | 4 ++-- 2022/22xxx/CVE-2022-22555.json | 5 +++-- 2022/31xxx/CVE-2022-31163.json | 2 +- 2022/31xxx/CVE-2022-31169.json | 2 +- 2022/31xxx/CVE-2022-31170.json | 10 +++++----- 2022/31xxx/CVE-2022-31234.json | 5 +++-- 2022/32xxx/CVE-2022-32232.json | 18 ++++++++++++++++++ 2022/32xxx/CVE-2022-32498.json | 5 +++-- 2022/32xxx/CVE-2022-32570.json | 18 ++++++++++++++++++ 2022/33xxx/CVE-2022-33196.json | 18 ++++++++++++++++++ 2022/33xxx/CVE-2022-33923.json | 5 +++-- 2022/34xxx/CVE-2022-34169.json | 7 +------ 2022/34xxx/CVE-2022-34367.json | 5 +++-- 2022/34xxx/CVE-2022-34657.json | 18 ++++++++++++++++++ 2022/34xxx/CVE-2022-34846.json | 18 ++++++++++++++++++ 2022/34xxx/CVE-2022-34848.json | 18 ++++++++++++++++++ 2022/35xxx/CVE-2022-35729.json | 18 ++++++++++++++++++ 2022/36xxx/CVE-2022-36298.json | 18 ++++++++++++++++++ 2022/36xxx/CVE-2022-36367.json | 18 ++++++++++++++++++ 2022/36xxx/CVE-2022-36372.json | 18 ++++++++++++++++++ 41 files changed, 247 insertions(+), 67 deletions(-) create mode 100644 2022/32xxx/CVE-2022-32232.json create mode 100644 2022/32xxx/CVE-2022-32570.json create mode 100644 2022/33xxx/CVE-2022-33196.json create mode 100644 2022/34xxx/CVE-2022-34657.json create mode 100644 2022/34xxx/CVE-2022-34846.json create mode 100644 2022/34xxx/CVE-2022-34848.json create mode 100644 2022/35xxx/CVE-2022-35729.json create mode 100644 2022/36xxx/CVE-2022-36298.json create mode 100644 2022/36xxx/CVE-2022-36367.json create mode 100644 2022/36xxx/CVE-2022-36372.json diff --git a/2022/20xxx/CVE-2022-20892.json b/2022/20xxx/CVE-2022-20892.json index b6975c9f862..fc3199275cb 100644 --- a/2022/20xxx/CVE-2022-20892.json +++ b/2022/20xxx/CVE-2022-20892.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20893.json b/2022/20xxx/CVE-2022-20893.json index d05756fb606..d3af83ecfea 100644 --- a/2022/20xxx/CVE-2022-20893.json +++ b/2022/20xxx/CVE-2022-20893.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20894.json b/2022/20xxx/CVE-2022-20894.json index 1fad3a4b820..73dfc41b83c 100644 --- a/2022/20xxx/CVE-2022-20894.json +++ b/2022/20xxx/CVE-2022-20894.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20895.json b/2022/20xxx/CVE-2022-20895.json index 364d808168c..780c68b509f 100644 --- a/2022/20xxx/CVE-2022-20895.json +++ b/2022/20xxx/CVE-2022-20895.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20896.json b/2022/20xxx/CVE-2022-20896.json index 4635ab0b9d9..0e66c41287a 100644 --- a/2022/20xxx/CVE-2022-20896.json +++ b/2022/20xxx/CVE-2022-20896.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20897.json b/2022/20xxx/CVE-2022-20897.json index 7dca6c0f32a..22f2c9e4ad4 100644 --- a/2022/20xxx/CVE-2022-20897.json +++ b/2022/20xxx/CVE-2022-20897.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20898.json b/2022/20xxx/CVE-2022-20898.json index 73e1c3a1b26..73993a71dd2 100644 --- a/2022/20xxx/CVE-2022-20898.json +++ b/2022/20xxx/CVE-2022-20898.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20899.json b/2022/20xxx/CVE-2022-20899.json index 25d52b72d77..f97785f97c4 100644 --- a/2022/20xxx/CVE-2022-20899.json +++ b/2022/20xxx/CVE-2022-20899.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20900.json b/2022/20xxx/CVE-2022-20900.json index 0728baaf62e..c0cd12af3aa 100644 --- a/2022/20xxx/CVE-2022-20900.json +++ b/2022/20xxx/CVE-2022-20900.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20901.json b/2022/20xxx/CVE-2022-20901.json index 93b4a182eb1..2f3cf1d0ae7 100644 --- a/2022/20xxx/CVE-2022-20901.json +++ b/2022/20xxx/CVE-2022-20901.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20902.json b/2022/20xxx/CVE-2022-20902.json index c14c58d9931..b5ca0afbe3f 100644 --- a/2022/20xxx/CVE-2022-20902.json +++ b/2022/20xxx/CVE-2022-20902.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20903.json b/2022/20xxx/CVE-2022-20903.json index bfe7ad155d9..15028161b73 100644 --- a/2022/20xxx/CVE-2022-20903.json +++ b/2022/20xxx/CVE-2022-20903.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20904.json b/2022/20xxx/CVE-2022-20904.json index c54495ad5d4..41c4e722d6a 100644 --- a/2022/20xxx/CVE-2022-20904.json +++ b/2022/20xxx/CVE-2022-20904.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20906.json b/2022/20xxx/CVE-2022-20906.json index 12704d3b0b3..912ddd448ba 100644 --- a/2022/20xxx/CVE-2022-20906.json +++ b/2022/20xxx/CVE-2022-20906.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.\r These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.\r " + "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20907.json b/2022/20xxx/CVE-2022-20907.json index 011587061db..da169841df5 100644 --- a/2022/20xxx/CVE-2022-20907.json +++ b/2022/20xxx/CVE-2022-20907.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.\r These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.\r " + "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20908.json b/2022/20xxx/CVE-2022-20908.json index f6a34cd0dde..9f0649848cd 100644 --- a/2022/20xxx/CVE-2022-20908.json +++ b/2022/20xxx/CVE-2022-20908.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.\r These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.\r " + "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20909.json b/2022/20xxx/CVE-2022-20909.json index d3d0519c301..bde35aa24a6 100644 --- a/2022/20xxx/CVE-2022-20909.json +++ b/2022/20xxx/CVE-2022-20909.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.\r These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.\r " + "value": "Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device." } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20910.json b/2022/20xxx/CVE-2022-20910.json index 954df895bea..62ce5060dc9 100644 --- a/2022/20xxx/CVE-2022-20910.json +++ b/2022/20xxx/CVE-2022-20910.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20911.json b/2022/20xxx/CVE-2022-20911.json index 3c7b9ad2b5e..a5c67b09561 100644 --- a/2022/20xxx/CVE-2022-20911.json +++ b/2022/20xxx/CVE-2022-20911.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20912.json b/2022/20xxx/CVE-2022-20912.json index 8d6f8e0a578..4ecf9cebe0f 100644 --- a/2022/20xxx/CVE-2022-20912.json +++ b/2022/20xxx/CVE-2022-20912.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.\r These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -88,4 +88,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20913.json b/2022/20xxx/CVE-2022-20913.json index a410ad1afe1..1168b329c18 100644 --- a/2022/20xxx/CVE-2022-20913.json +++ b/2022/20xxx/CVE-2022-20913.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device.\r This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.\r " + "value": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20916.json b/2022/20xxx/CVE-2022-20916.json index 3f92ec1f00c..550954a5935 100644 --- a/2022/20xxx/CVE-2022-20916.json +++ b/2022/20xxx/CVE-2022-20916.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r " + "value": "A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22555.json b/2022/22xxx/CVE-2022-22555.json index 79e0313eba9..6c416865eed 100644 --- a/2022/22xxx/CVE-2022-22555.json +++ b/2022/22xxx/CVE-2022-22555.json @@ -63,8 +63,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000201283" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000201283", + "name": "https://www.dell.com/support/kbdoc/000201283" } ] } diff --git a/2022/31xxx/CVE-2022-31163.json b/2022/31xxx/CVE-2022-31163.json index a98f1ddb838..e976790b9a1 100644 --- a/2022/31xxx/CVE-2022-31163.json +++ b/2022/31xxx/CVE-2022-31163.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process.\n\nVersions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`." + "value": "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`." } ] }, diff --git a/2022/31xxx/CVE-2022-31169.json b/2022/31xxx/CVE-2022-31169.json index 33eee7b35ae..9ee117216bb 100644 --- a/2022/31xxx/CVE-2022-31169.json +++ b/2022/31xxx/CVE-2022-31169.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected.\n\nThe translation rules for constants did not take into account whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs.\n\nThis bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds." + "value": "Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not take into account whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds." } ] }, diff --git a/2022/31xxx/CVE-2022-31170.json b/2022/31xxx/CVE-2022-31170.json index 63f0e9845fd..88b4d370117 100644 --- a/2022/31xxx/CVE-2022-31170.json +++ b/2022/31xxx/CVE-2022-31170.json @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw", - "refsource": "CONFIRM", - "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw" - }, { "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552", "refsource": "MISC", "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552" + }, + { + "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw", + "refsource": "CONFIRM", + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw" } ] }, diff --git a/2022/31xxx/CVE-2022-31234.json b/2022/31xxx/CVE-2022-31234.json index 4fd732d4e40..9ea33dca4b8 100644 --- a/2022/31xxx/CVE-2022-31234.json +++ b/2022/31xxx/CVE-2022-31234.json @@ -63,8 +63,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000201283" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000201283", + "name": "https://www.dell.com/support/kbdoc/000201283" } ] } diff --git a/2022/32xxx/CVE-2022-32232.json b/2022/32xxx/CVE-2022-32232.json new file mode 100644 index 00000000000..daa7a6b6568 --- /dev/null +++ b/2022/32xxx/CVE-2022-32232.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32232", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32498.json b/2022/32xxx/CVE-2022-32498.json index 16e14ba13b4..ef579a4c91e 100644 --- a/2022/32xxx/CVE-2022-32498.json +++ b/2022/32xxx/CVE-2022-32498.json @@ -63,8 +63,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000201283" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000201283", + "name": "https://www.dell.com/support/kbdoc/000201283" } ] } diff --git a/2022/32xxx/CVE-2022-32570.json b/2022/32xxx/CVE-2022-32570.json new file mode 100644 index 00000000000..82d8b1b4cfe --- /dev/null +++ b/2022/32xxx/CVE-2022-32570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-32570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33196.json b/2022/33xxx/CVE-2022-33196.json new file mode 100644 index 00000000000..1556f25ab40 --- /dev/null +++ b/2022/33xxx/CVE-2022-33196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-33196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33923.json b/2022/33xxx/CVE-2022-33923.json index 788fc1e7904..0e63451f14d 100644 --- a/2022/33xxx/CVE-2022-33923.json +++ b/2022/33xxx/CVE-2022-33923.json @@ -63,8 +63,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000201283" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000201283", + "name": "https://www.dell.com/support/kbdoc/000201283" } ] } diff --git a/2022/34xxx/CVE-2022-34169.json b/2022/34xxx/CVE-2022-34169.json index b5a1d55a21f..adec5c4c954 100644 --- a/2022/34xxx/CVE-2022-34169.json +++ b/2022/34xxx/CVE-2022-34169.json @@ -101,15 +101,10 @@ "refsource": "MLIST", "name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3" - }, - { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html", - "refsource": "MISC", - "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34367.json b/2022/34xxx/CVE-2022-34367.json index 3ddd7f9a866..d64ebe48891 100644 --- a/2022/34xxx/CVE-2022-34367.json +++ b/2022/34xxx/CVE-2022-34367.json @@ -63,8 +63,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000201505/dsa-2022-192-dell-emc-data-protection-central-security-update-for-multiple-vulnerabilities" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000201505/dsa-2022-192-dell-emc-data-protection-central-security-update-for-multiple-vulnerabilities", + "name": "https://www.dell.com/support/kbdoc/en-us/000201505/dsa-2022-192-dell-emc-data-protection-central-security-update-for-multiple-vulnerabilities" } ] } diff --git a/2022/34xxx/CVE-2022-34657.json b/2022/34xxx/CVE-2022-34657.json new file mode 100644 index 00000000000..ffd58f7337f --- /dev/null +++ b/2022/34xxx/CVE-2022-34657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34846.json b/2022/34xxx/CVE-2022-34846.json new file mode 100644 index 00000000000..3fce1e81c9c --- /dev/null +++ b/2022/34xxx/CVE-2022-34846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34848.json b/2022/34xxx/CVE-2022-34848.json new file mode 100644 index 00000000000..ebd3262becd --- /dev/null +++ b/2022/34xxx/CVE-2022-34848.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34848", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35729.json b/2022/35xxx/CVE-2022-35729.json new file mode 100644 index 00000000000..949e912d356 --- /dev/null +++ b/2022/35xxx/CVE-2022-35729.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35729", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36298.json b/2022/36xxx/CVE-2022-36298.json new file mode 100644 index 00000000000..9022cdb4adc --- /dev/null +++ b/2022/36xxx/CVE-2022-36298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-36298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36367.json b/2022/36xxx/CVE-2022-36367.json new file mode 100644 index 00000000000..6d91899060e --- /dev/null +++ b/2022/36xxx/CVE-2022-36367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-36367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36372.json b/2022/36xxx/CVE-2022-36372.json new file mode 100644 index 00000000000..2cbdcc3ab0f --- /dev/null +++ b/2022/36xxx/CVE-2022-36372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-36372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file