admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-23 16:46:44 +00:00
parent e1fb11eab3
commit 2d94f13633
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
85 changed files with 2126 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/2xxx/CVE-2017-2601.json
View File

@ -94,6 +94,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

89
2021/26xxx/CVE-2021-26636.json
View File

@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Maxboard Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MaxBoard",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<=",
"version_value": "1.9.6.1"
}
]
}
}
]
},
"vendor_name": "MaxBoard"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66781",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66781"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

100
2021/26xxx/CVE-2021-26637.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SiHAS Improper Authentication vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiHAS firmware",
"version": {
"version_data": [
{
"platform": "Android, iOS",
"version_affected": "=",
"version_value": "1.xx"
}
]
}
}
]
},
"vendor_name": "Shina System Co.,Ltd"
},
{
"product": {
"product_data": [
{
"product_name": "SiHAS old app",
"version": {
"version_data": [
{
"platform": "Android, iOS",
"version_affected": "=",
"version_value": "old app"
}
]
}
}
]
},
"vendor_name": "Shina System Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

81
2021/26xxx/CVE-2021-26638.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Xi Smarthome wallpad authentication bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S&D smarthome (smartcare)",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "<=",
"version_value": "3.2.48"
}
]
}
}
]
},
"vendor_name": "Xi S&D Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

4
2022/20xxx/CVE-2022-20651.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited.\r This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.\r "
"value": "A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

55
2022/22xxx/CVE-2022-22967.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SaltStack Salt",
"version": {
"version_data": [
{
"version_value": "SaltStack Salt prior to 3002.9, 3003.5, 3004.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PAM auth fails to reject locked accounts."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://repo.saltproject.io/",
"url": "https://repo.saltproject.io/"
},
{
"refsource": "MISC",
"name": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,",
"url": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth."
}
]
}

50
2022/22xxx/CVE-2022-22980.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Spring Data MongoDB",
"version": {
"version_data": [
{
"version_value": "3.4.0, 3.3.0 to 3.3.4 and Older"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://tanzu.vmware.com/security/cve-2022-22980",
"url": "https://tanzu.vmware.com/security/cve-2022-22980"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized."
}
]
}

66
2022/29xxx/CVE-2022-29526.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce"
},
{
"refsource": "MISC",
"name": "https://github.com/golang/go/issues/52313",
"url": "https://github.com/golang/go/issues/52313"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
]
}

18
2022/2xxx/CVE-2022-2179.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2022/31xxx/CVE-2022-31395.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-31395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00",
"url": "https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00"
}
]
}

61
2022/31xxx/CVE-2022-31787.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-31787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/This-is-Neo/c91e1a0ed5d40fbcf0dada43ea1d7479",
"refsource": "MISC",
"name": "https://gist.github.com/This-is-Neo/c91e1a0ed5d40fbcf0dada43ea1d7479"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/RNPG/ef10c0acceb650d43625a77d3472dd84",
"url": "https://gist.github.com/RNPG/ef10c0acceb650d43625a77d3472dd84"
}
]
}

72
2022/32xxx/CVE-2022-32534.json
View File

@ -4,15 +4,81 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"TITLE": "OS Command Injection ",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "PRA-ES8P2S",
"version": {
"version_data": [
{
"version_value": "1.01.05",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands."
}
]
},
"source": {
"advisory": "BOSCH-SA-247052-BT ",
"discovery": "INTERNAL"
}
}

72
2022/32xxx/CVE-2022-32535.json
View File

@ -4,15 +4,81 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"TITLE": "Web server runs as root",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "PRA-ES8P2S",
"version": {
"version_data": [
{
"version_value": "1.01.05",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch."
}
]
},
"source": {
"advisory": "BOSCH-SA-247052-BT ",
"discovery": "INTERNAL"
}
}

72
2022/32xxx/CVE-2022-32536.json
View File

@ -4,15 +4,81 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"TITLE": "Privilege Escalation",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "PRA-ES8P2S",
"version": {
"version_data": [
{
"version_value": "1.01.05",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights."
}
]
},
"source": {
"advisory": "BOSCH-SA-247052-BT ",
"discovery": "UNKNOWN"
}
}

7
2022/32xxx/CVE-2022-32549.json
View File

@ -75,12 +75,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v",
"name": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

56
2022/32xxx/CVE-2022-32552.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32552",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}

56
2022/32xxx/CVE-2022-32553.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}

56
2022/32xxx/CVE-2022-32554.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04",
"url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04"
}
]
}

56
2022/33xxx/CVE-2022-33024.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/492",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/492"
}
]
}

56
2022/33xxx/CVE-2022-33025.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/487",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/487"
}
]
}

56
2022/33xxx/CVE-2022-33026.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/484",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/484"
}
]
}

56
2022/33xxx/CVE-2022-33027.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/490",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/490"
}
]
}

56
2022/33xxx/CVE-2022-33028.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/489",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/489"
}
]
}

56
2022/33xxx/CVE-2022-33032.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/488",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/488"
}
]
}

56
2022/33xxx/CVE-2022-33033.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/493",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/493"
}
]
}

56
2022/33xxx/CVE-2022-33034.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/494",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/494"
}
]
}

56
2022/33xxx/CVE-2022-33067.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ckolivas/lrzip/issues/224",
"refsource": "MISC",
"name": "https://github.com/ckolivas/lrzip/issues/224"
}
]
}

61
2022/33xxx/CVE-2022-33068.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/harfbuzz/harfbuzz/issues/3557",
"refsource": "MISC",
"name": "https://github.com/harfbuzz/harfbuzz/issues/3557"
},
{
"url": "https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593",
"refsource": "MISC",
"name": "https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593"
}
]
}

56
2022/33xxx/CVE-2022-33069.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethereum/solidity/issues/12973",
"refsource": "MISC",
"name": "https://github.com/ethereum/solidity/issues/12973"
}
]
}

61
2022/33xxx/CVE-2022-33070.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/protobuf-c/protobuf-c/issues/506",
"refsource": "MISC",
"name": "https://github.com/protobuf-c/protobuf-c/issues/506"
},
{
"url": "https://github.com/protobuf-c/protobuf-c/pull/508",
"refsource": "MISC",
"name": "https://github.com/protobuf-c/protobuf-c/pull/508"
}
]
}

71
2022/33xxx/CVE-2022-33105.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef",
"refsource": "MISC",
"name": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef"
},
{
"url": "https://github.com/redis/redis/pull/10753",
"refsource": "MISC",
"name": "https://github.com/redis/redis/pull/10753"
},
{
"url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES"
},
{
"url": "https://github.com/redis/redis/pull/10829",
"refsource": "MISC",
"name": "https://github.com/redis/redis/pull/10829"
}
]
}

8
2022/34xxx/CVE-2022-34170.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34170",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,6 +69,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34171.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34171",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34172.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34172",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34173.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34173",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34174.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34174",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34175.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34175",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34176.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34176",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34177.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34177",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34178.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34178",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34179.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34179",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -56,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2792",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2792",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34180.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34180",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34181.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34181",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -56,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34182.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34182",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34183.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34183",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34184.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34184",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34185.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34185",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34186.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34186",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34187.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34187",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34188.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34188",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34189.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34189",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34190.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34190",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34191.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34191",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34192.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34192",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34193.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34193",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34194.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34194",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34195.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34195",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34196.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34196",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34197.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34197",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34198.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34198",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34199.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34199",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34200.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34200",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34201.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34201",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34202.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34202",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34203.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34203",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34204.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34204",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34205.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34205",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

8
2022/34xxx/CVE-2022-34206.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34206",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

8
2022/34xxx/CVE-2022-34207.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34207",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34208.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34208",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34209.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34209",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34210.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34210",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

8
2022/34xxx/CVE-2022-34211.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34211",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -60,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/22/3"
}
]
}

3
2022/34xxx/CVE-2022-34212.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34212",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

3
2022/34xxx/CVE-2022-34213.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-34213",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

77
2022/34xxx/CVE-2022-34295.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf",
"refsource": "MISC",
"name": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399",
"refsource": "MISC",
"name": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3",
"refsource": "MISC",
"name": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
]
}
}

72
2022/34xxx/CVE-2022-34298.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NT auth module in OpenAM before 14.6.6 allows a \"replace Samba username attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenIdentityPlatform/OpenAM/pull/514",
"refsource": "MISC",
"name": "https://github.com/OpenIdentityPlatform/OpenAM/pull/514"
},
{
"url": "https://github.com/OpenIdentityPlatform/OpenAM/compare/14.6.5...14.6.6",
"refsource": "MISC",
"name": "https://github.com/OpenIdentityPlatform/OpenAM/compare/14.6.5...14.6.6"
},
{
"url": "https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/14.6.6",
"refsource": "MISC",
"name": "https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/14.6.6"
}
]
}
}

67
2022/34xxx/CVE-2022-34299.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/davea42/libdwarf-code/issues/119",
"refsource": "MISC",
"name": "https://github.com/davea42/libdwarf-code/issues/119"
},
{
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162",
"refsource": "MISC",
"name": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
}
]
}
}

62
2022/34xxx/CVE-2022-34300.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/syoyo/tinyexr/issues/167",
"refsource": "MISC",
"name": "https://github.com/syoyo/tinyexr/issues/167"
}
]
}
}

18
2022/34xxx/CVE-2022-34307.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34311.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34315.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34317.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34320.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/34xxx/CVE-2022-34321.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}