From 2d94f1363358c17711d5adfc368e94d8e1f63edd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Jun 2022 16:46:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/2xxx/CVE-2017-2601.json | 5 ++ 2021/26xxx/CVE-2021-26636.json | 89 +++++++++++++++++++++++++++-- 2021/26xxx/CVE-2021-26637.json | 100 +++++++++++++++++++++++++++++++-- 2021/26xxx/CVE-2021-26638.json | 81 ++++++++++++++++++++++++-- 2022/20xxx/CVE-2022-20651.json | 4 +- 2022/22xxx/CVE-2022-22967.json | 55 +++++++++++++++++- 2022/22xxx/CVE-2022-22980.json | 50 ++++++++++++++++- 2022/29xxx/CVE-2022-29526.json | 66 ++++++++++++++++++++-- 2022/2xxx/CVE-2022-2179.json | 18 ++++++ 2022/31xxx/CVE-2022-31395.json | 56 ++++++++++++++++-- 2022/31xxx/CVE-2022-31787.json | 61 ++++++++++++++++++-- 2022/32xxx/CVE-2022-32534.json | 72 +++++++++++++++++++++++- 2022/32xxx/CVE-2022-32535.json | 72 +++++++++++++++++++++++- 2022/32xxx/CVE-2022-32536.json | 72 +++++++++++++++++++++++- 2022/32xxx/CVE-2022-32549.json | 7 ++- 2022/32xxx/CVE-2022-32552.json | 56 ++++++++++++++++-- 2022/32xxx/CVE-2022-32553.json | 56 ++++++++++++++++-- 2022/32xxx/CVE-2022-32554.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33024.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33025.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33026.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33027.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33028.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33032.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33033.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33034.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33067.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33068.json | 61 ++++++++++++++++++-- 2022/33xxx/CVE-2022-33069.json | 56 ++++++++++++++++-- 2022/33xxx/CVE-2022-33070.json | 61 ++++++++++++++++++-- 2022/33xxx/CVE-2022-33105.json | 71 +++++++++++++++++++++-- 2022/34xxx/CVE-2022-34170.json | 8 ++- 2022/34xxx/CVE-2022-34171.json | 3 +- 2022/34xxx/CVE-2022-34172.json | 8 ++- 2022/34xxx/CVE-2022-34173.json | 3 +- 2022/34xxx/CVE-2022-34174.json | 8 ++- 2022/34xxx/CVE-2022-34175.json | 3 +- 2022/34xxx/CVE-2022-34176.json | 8 ++- 2022/34xxx/CVE-2022-34177.json | 3 +- 2022/34xxx/CVE-2022-34178.json | 3 +- 2022/34xxx/CVE-2022-34179.json | 8 ++- 2022/34xxx/CVE-2022-34180.json | 3 +- 2022/34xxx/CVE-2022-34181.json | 8 ++- 2022/34xxx/CVE-2022-34182.json | 3 +- 2022/34xxx/CVE-2022-34183.json | 8 ++- 2022/34xxx/CVE-2022-34184.json | 3 +- 2022/34xxx/CVE-2022-34185.json | 3 +- 2022/34xxx/CVE-2022-34186.json | 3 +- 2022/34xxx/CVE-2022-34187.json | 3 +- 2022/34xxx/CVE-2022-34188.json | 3 +- 2022/34xxx/CVE-2022-34189.json | 3 +- 2022/34xxx/CVE-2022-34190.json | 3 +- 2022/34xxx/CVE-2022-34191.json | 3 +- 2022/34xxx/CVE-2022-34192.json | 8 ++- 2022/34xxx/CVE-2022-34193.json | 3 +- 2022/34xxx/CVE-2022-34194.json | 8 ++- 2022/34xxx/CVE-2022-34195.json | 3 +- 2022/34xxx/CVE-2022-34196.json | 3 +- 2022/34xxx/CVE-2022-34197.json | 3 +- 2022/34xxx/CVE-2022-34198.json | 3 +- 2022/34xxx/CVE-2022-34199.json | 8 ++- 2022/34xxx/CVE-2022-34200.json | 3 +- 2022/34xxx/CVE-2022-34201.json | 8 ++- 2022/34xxx/CVE-2022-34202.json | 3 +- 2022/34xxx/CVE-2022-34203.json | 3 +- 2022/34xxx/CVE-2022-34204.json | 3 +- 2022/34xxx/CVE-2022-34205.json | 8 ++- 2022/34xxx/CVE-2022-34206.json | 8 ++- 2022/34xxx/CVE-2022-34207.json | 8 ++- 2022/34xxx/CVE-2022-34208.json | 3 +- 2022/34xxx/CVE-2022-34209.json | 3 +- 2022/34xxx/CVE-2022-34210.json | 3 +- 2022/34xxx/CVE-2022-34211.json | 8 ++- 2022/34xxx/CVE-2022-34212.json | 3 +- 2022/34xxx/CVE-2022-34213.json | 3 +- 2022/34xxx/CVE-2022-34295.json | 77 +++++++++++++++++++++++++ 2022/34xxx/CVE-2022-34298.json | 72 ++++++++++++++++++++++++ 2022/34xxx/CVE-2022-34299.json | 67 ++++++++++++++++++++++ 2022/34xxx/CVE-2022-34300.json | 62 ++++++++++++++++++++ 2022/34xxx/CVE-2022-34307.json | 18 ++++++ 2022/34xxx/CVE-2022-34311.json | 18 ++++++ 2022/34xxx/CVE-2022-34315.json | 18 ++++++ 2022/34xxx/CVE-2022-34317.json | 18 ++++++ 2022/34xxx/CVE-2022-34320.json | 18 ++++++ 2022/34xxx/CVE-2022-34321.json | 18 ++++++ 85 files changed, 2126 insertions(+), 196 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2179.json create mode 100644 2022/34xxx/CVE-2022-34295.json create mode 100644 2022/34xxx/CVE-2022-34298.json create mode 100644 2022/34xxx/CVE-2022-34299.json create mode 100644 2022/34xxx/CVE-2022-34300.json create mode 100644 2022/34xxx/CVE-2022-34307.json create mode 100644 2022/34xxx/CVE-2022-34311.json create mode 100644 2022/34xxx/CVE-2022-34315.json create mode 100644 2022/34xxx/CVE-2022-34317.json create mode 100644 2022/34xxx/CVE-2022-34320.json create mode 100644 2022/34xxx/CVE-2022-34321.json diff --git a/2017/2xxx/CVE-2017-2601.json b/2017/2xxx/CVE-2017-2601.json index f8b414a92fb..d16528b05c0 100644 --- a/2017/2xxx/CVE-2017-2601.json +++ b/2017/2xxx/CVE-2017-2601.json @@ -94,6 +94,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins", "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2021/26xxx/CVE-2021-26636.json b/2021/26xxx/CVE-2021-26636.json index 4bf428bb724..b6f167491fd 100644 --- a/2021/26xxx/CVE-2021-26636.json +++ b/2021/26xxx/CVE-2021-26636.json @@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Maxboard Remote Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MaxBoard", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<=", + "version_value": "1.9.6.1" + } + ] + } + } + ] + }, + "vendor_name": "MaxBoard" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66781", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66781" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26637.json b/2021/26xxx/CVE-2021-26637.json index 4cbd0127f02..42f63716f8b 100644 --- a/2021/26xxx/CVE-2021-26637.json +++ b/2021/26xxx/CVE-2021-26637.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SiHAS Improper Authentication vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SiHAS firmware", + "version": { + "version_data": [ + { + "platform": "Android, iOS", + "version_affected": "=", + "version_value": "1.xx" + } + ] + } + } + ] + }, + "vendor_name": "Shina System Co.,Ltd" + }, + { + "product": { + "product_data": [ + { + "product_name": "SiHAS old app", + "version": { + "version_data": [ + { + "platform": "Android, iOS", + "version_affected": "=", + "version_value": "old app" + } + ] + } + } + ] + }, + "vendor_name": "Shina System Co.,Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66782" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26638.json b/2021/26xxx/CVE-2021-26638.json index 77578ee5855..f0ba3687f6b 100644 --- a/2021/26xxx/CVE-2021-26638.json +++ b/2021/26xxx/CVE-2021-26638.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Xi Smarthome wallpad authentication bypass vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "S&D smarthome (smartcare)", + "version": { + "version_data": [ + { + "platform": "Android", + "version_affected": "<=", + "version_value": "3.2.48" + } + ] + } + } + ] + }, + "vendor_name": "Xi S&D Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20651.json b/2022/20xxx/CVE-2022-20651.json index 97d9a262d8c..ccacb1d1d4e 100644 --- a/2022/20xxx/CVE-2022-20651.json +++ b/2022/20xxx/CVE-2022-20651.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited.\r This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.\r " + "value": "A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22967.json b/2022/22xxx/CVE-2022-22967.json index 2b69303d9e3..9455655b548 100644 --- a/2022/22xxx/CVE-2022-22967.json +++ b/2022/22xxx/CVE-2022-22967.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22967", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SaltStack Salt", + "version": { + "version_data": [ + { + "version_value": "SaltStack Salt prior to 3002.9, 3003.5, 3004.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PAM auth fails to reject locked accounts." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://repo.saltproject.io/", + "url": "https://repo.saltproject.io/" + }, + { + "refsource": "MISC", + "name": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,", + "url": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/," + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth." } ] } diff --git a/2022/22xxx/CVE-2022-22980.json b/2022/22xxx/CVE-2022-22980.json index b7e4698115a..52137f21370 100644 --- a/2022/22xxx/CVE-2022-22980.json +++ b/2022/22xxx/CVE-2022-22980.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Data MongoDB", + "version": { + "version_data": [ + { + "version_value": "3.4.0, 3.3.0 to 3.3.4 and Older" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2022-22980", + "url": "https://tanzu.vmware.com/security/cve-2022-22980" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized." } ] } diff --git a/2022/29xxx/CVE-2022-29526.json b/2022/29xxx/CVE-2022-29526.json index 3cb663fe60c..359c0386c2a 100644 --- a/2022/29xxx/CVE-2022-29526.json +++ b/2022/29xxx/CVE-2022-29526.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29526", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29526", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/g/golang-announce", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce" + }, + { + "refsource": "MISC", + "name": "https://github.com/golang/go/issues/52313", + "url": "https://github.com/golang/go/issues/52313" + }, + { + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", + "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" } ] } diff --git a/2022/2xxx/CVE-2022-2179.json b/2022/2xxx/CVE-2022-2179.json new file mode 100644 index 00000000000..42a397043a0 --- /dev/null +++ b/2022/2xxx/CVE-2022-2179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31395.json b/2022/31xxx/CVE-2022-31395.json index 7fd1a362bed..98e3ce7f3d4 100644 --- a/2022/31xxx/CVE-2022-31395.json +++ b/2022/31xxx/CVE-2022-31395.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31395", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00", + "url": "https://n0ur5sec.medium.com/achievement-unlocked-cve-2022-31395-33299f32cc00" } ] } diff --git a/2022/31xxx/CVE-2022-31787.json b/2022/31xxx/CVE-2022-31787.json index bf6995bdff2..f713083e569 100644 --- a/2022/31xxx/CVE-2022-31787.json +++ b/2022/31xxx/CVE-2022-31787.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-31787", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-31787", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/This-is-Neo/c91e1a0ed5d40fbcf0dada43ea1d7479", + "refsource": "MISC", + "name": "https://gist.github.com/This-is-Neo/c91e1a0ed5d40fbcf0dada43ea1d7479" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/RNPG/ef10c0acceb650d43625a77d3472dd84", + "url": "https://gist.github.com/RNPG/ef10c0acceb650d43625a77d3472dd84" } ] } diff --git a/2022/32xxx/CVE-2022-32534.json b/2022/32xxx/CVE-2022-32534.json index 54d1b0afa6f..f93c9f75d2a 100644 --- a/2022/32xxx/CVE-2022-32534.json +++ b/2022/32xxx/CVE-2022-32534.json @@ -4,15 +4,81 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "TITLE": "OS Command Injection ", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "PRA-ES8P2S", + "version": { + "version_data": [ + { + "version_value": "1.01.05", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands." } ] + }, + "source": { + "advisory": "BOSCH-SA-247052-BT ", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32535.json b/2022/32xxx/CVE-2022-32535.json index 17c6a4c7a54..cc0ada8859f 100644 --- a/2022/32xxx/CVE-2022-32535.json +++ b/2022/32xxx/CVE-2022-32535.json @@ -4,15 +4,81 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "TITLE": "Web server runs as root", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "PRA-ES8P2S", + "version": { + "version_data": [ + { + "version_value": "1.01.05", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250 Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch." } ] + }, + "source": { + "advisory": "BOSCH-SA-247052-BT ", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32536.json b/2022/32xxx/CVE-2022-32536.json index 29fd4877eb3..20d71794214 100644 --- a/2022/32xxx/CVE-2022-32536.json +++ b/2022/32xxx/CVE-2022-32536.json @@ -4,15 +4,81 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "TITLE": "Privilege Escalation", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "PRA-ES8P2S", + "version": { + "version_data": [ + { + "version_value": "1.01.05", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights." } ] + }, + "source": { + "advisory": "BOSCH-SA-247052-BT ", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32549.json b/2022/32xxx/CVE-2022-32549.json index 825d070d118..76d539904f6 100644 --- a/2022/32xxx/CVE-2022-32549.json +++ b/2022/32xxx/CVE-2022-32549.json @@ -75,12 +75,13 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v", + "name": "https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1v" } ] }, "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32552.json b/2022/32xxx/CVE-2022-32552.json index 3b83ae84125..0820d6e413a 100644 --- a/2022/32xxx/CVE-2022-32552.json +++ b/2022/32xxx/CVE-2022-32552.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32552", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32552", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04", + "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04" } ] } diff --git a/2022/32xxx/CVE-2022-32553.json b/2022/32xxx/CVE-2022-32553.json index e9a24a45fa9..7ac5342dd26 100644 --- a/2022/32xxx/CVE-2022-32553.json +++ b/2022/32xxx/CVE-2022-32553.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32553", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04", + "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04" } ] } diff --git a/2022/32xxx/CVE-2022-32554.json b/2022/32xxx/CVE-2022-32554.json index 045176ee8f5..f388ba9736d 100644 --- a/2022/32xxx/CVE-2022-32554.json +++ b/2022/32xxx/CVE-2022-32554.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32554", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product\u2019s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve \u201copt-in\u201d patch, manual patch application or a software upgrade to an unaffected version of Purity software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04", + "url": "https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04" } ] } diff --git a/2022/33xxx/CVE-2022-33024.json b/2022/33xxx/CVE-2022-33024.json index 40051d7de86..9c48f6fb800 100644 --- a/2022/33xxx/CVE-2022-33024.json +++ b/2022/33xxx/CVE-2022-33024.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33024", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33024", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/492", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/492" } ] } diff --git a/2022/33xxx/CVE-2022-33025.json b/2022/33xxx/CVE-2022-33025.json index d1b78a735b5..705a55a1412 100644 --- a/2022/33xxx/CVE-2022-33025.json +++ b/2022/33xxx/CVE-2022-33025.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33025", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33025", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/487", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/487" } ] } diff --git a/2022/33xxx/CVE-2022-33026.json b/2022/33xxx/CVE-2022-33026.json index 45bd30e6571..d71e73aff5a 100644 --- a/2022/33xxx/CVE-2022-33026.json +++ b/2022/33xxx/CVE-2022-33026.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33026", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33026", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/484", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/484" } ] } diff --git a/2022/33xxx/CVE-2022-33027.json b/2022/33xxx/CVE-2022-33027.json index 66228f3c651..eec76082c40 100644 --- a/2022/33xxx/CVE-2022-33027.json +++ b/2022/33xxx/CVE-2022-33027.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33027", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33027", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/490", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/490" } ] } diff --git a/2022/33xxx/CVE-2022-33028.json b/2022/33xxx/CVE-2022-33028.json index 392e78c02e0..e8a2fee6fbf 100644 --- a/2022/33xxx/CVE-2022-33028.json +++ b/2022/33xxx/CVE-2022-33028.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33028", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33028", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/489", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/489" } ] } diff --git a/2022/33xxx/CVE-2022-33032.json b/2022/33xxx/CVE-2022-33032.json index 0531ac27adf..25985cce278 100644 --- a/2022/33xxx/CVE-2022-33032.json +++ b/2022/33xxx/CVE-2022-33032.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33032", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33032", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/488", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/488" } ] } diff --git a/2022/33xxx/CVE-2022-33033.json b/2022/33xxx/CVE-2022-33033.json index e5b897446ad..8b5a66aa9a9 100644 --- a/2022/33xxx/CVE-2022-33033.json +++ b/2022/33xxx/CVE-2022-33033.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33033", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33033", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/493", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/493" } ] } diff --git a/2022/33xxx/CVE-2022-33034.json b/2022/33xxx/CVE-2022-33034.json index 45d313e40c6..65806ef789a 100644 --- a/2022/33xxx/CVE-2022-33034.json +++ b/2022/33xxx/CVE-2022-33034.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33034", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33034", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LibreDWG/libredwg/issues/494", + "refsource": "MISC", + "name": "https://github.com/LibreDWG/libredwg/issues/494" } ] } diff --git a/2022/33xxx/CVE-2022-33067.json b/2022/33xxx/CVE-2022-33067.json index 63980a81c62..665007f898e 100644 --- a/2022/33xxx/CVE-2022-33067.json +++ b/2022/33xxx/CVE-2022-33067.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ckolivas/lrzip/issues/224", + "refsource": "MISC", + "name": "https://github.com/ckolivas/lrzip/issues/224" } ] } diff --git a/2022/33xxx/CVE-2022-33068.json b/2022/33xxx/CVE-2022-33068.json index f56a1a06fbe..eb52ef94c42 100644 --- a/2022/33xxx/CVE-2022-33068.json +++ b/2022/33xxx/CVE-2022-33068.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/harfbuzz/harfbuzz/issues/3557", + "refsource": "MISC", + "name": "https://github.com/harfbuzz/harfbuzz/issues/3557" + }, + { + "url": "https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593", + "refsource": "MISC", + "name": "https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593" } ] } diff --git a/2022/33xxx/CVE-2022-33069.json b/2022/33xxx/CVE-2022-33069.json index 394c94fc559..b7e65107262 100644 --- a/2022/33xxx/CVE-2022-33069.json +++ b/2022/33xxx/CVE-2022-33069.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ethereum/solidity/issues/12973", + "refsource": "MISC", + "name": "https://github.com/ethereum/solidity/issues/12973" } ] } diff --git a/2022/33xxx/CVE-2022-33070.json b/2022/33xxx/CVE-2022-33070.json index 8d01bf8e8ca..7e154ce010c 100644 --- a/2022/33xxx/CVE-2022-33070.json +++ b/2022/33xxx/CVE-2022-33070.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/protobuf-c/protobuf-c/issues/506", + "refsource": "MISC", + "name": "https://github.com/protobuf-c/protobuf-c/issues/506" + }, + { + "url": "https://github.com/protobuf-c/protobuf-c/pull/508", + "refsource": "MISC", + "name": "https://github.com/protobuf-c/protobuf-c/pull/508" } ] } diff --git a/2022/33xxx/CVE-2022-33105.json b/2022/33xxx/CVE-2022-33105.json index b7309b58462..d7208d8e9b8 100644 --- a/2022/33xxx/CVE-2022-33105.json +++ b/2022/33xxx/CVE-2022-33105.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-33105", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-33105", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef", + "refsource": "MISC", + "name": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef" + }, + { + "url": "https://github.com/redis/redis/pull/10753", + "refsource": "MISC", + "name": "https://github.com/redis/redis/pull/10753" + }, + { + "url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES" + }, + { + "url": "https://github.com/redis/redis/pull/10829", + "refsource": "MISC", + "name": "https://github.com/redis/redis/pull/10829" } ] } diff --git a/2022/34xxx/CVE-2022-34170.json b/2022/34xxx/CVE-2022-34170.json index 754b9b27565..0ed18db4244 100644 --- a/2022/34xxx/CVE-2022-34170.json +++ b/2022/34xxx/CVE-2022-34170.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34170", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,6 +69,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34171.json b/2022/34xxx/CVE-2022-34171.json index 69aecb50e03..568e64b48ce 100644 --- a/2022/34xxx/CVE-2022-34171.json +++ b/2022/34xxx/CVE-2022-34171.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34171", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34172.json b/2022/34xxx/CVE-2022-34172.json index ac10cec16c8..60d85284b65 100644 --- a/2022/34xxx/CVE-2022-34172.json +++ b/2022/34xxx/CVE-2022-34172.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34172", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34173.json b/2022/34xxx/CVE-2022-34173.json index d02eca6fad3..11cfddbf860 100644 --- a/2022/34xxx/CVE-2022-34173.json +++ b/2022/34xxx/CVE-2022-34173.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34173", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34174.json b/2022/34xxx/CVE-2022-34174.json index 728e21037ae..4744f762643 100644 --- a/2022/34xxx/CVE-2022-34174.json +++ b/2022/34xxx/CVE-2022-34174.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34174", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34175.json b/2022/34xxx/CVE-2022-34175.json index e24878b32e6..5d3f0050869 100644 --- a/2022/34xxx/CVE-2022-34175.json +++ b/2022/34xxx/CVE-2022-34175.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34175", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34176.json b/2022/34xxx/CVE-2022-34176.json index d957ddc25a0..969aab73b48 100644 --- a/2022/34xxx/CVE-2022-34176.json +++ b/2022/34xxx/CVE-2022-34176.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34176", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34177.json b/2022/34xxx/CVE-2022-34177.json index 7d429952b32..7f2d0b50ce1 100644 --- a/2022/34xxx/CVE-2022-34177.json +++ b/2022/34xxx/CVE-2022-34177.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34177", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34178.json b/2022/34xxx/CVE-2022-34178.json index 5ac2d2c5f91..c7dd4da7ffb 100644 --- a/2022/34xxx/CVE-2022-34178.json +++ b/2022/34xxx/CVE-2022-34178.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34178", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34179.json b/2022/34xxx/CVE-2022-34179.json index 64bec7407f6..d7691a2a5f8 100644 --- a/2022/34xxx/CVE-2022-34179.json +++ b/2022/34xxx/CVE-2022-34179.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34179", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2792", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2792", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34180.json b/2022/34xxx/CVE-2022-34180.json index 6f04f88832d..e5782b0806b 100644 --- a/2022/34xxx/CVE-2022-34180.json +++ b/2022/34xxx/CVE-2022-34180.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34180", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34181.json b/2022/34xxx/CVE-2022-34181.json index 412fd883c81..fd520dcfd8a 100644 --- a/2022/34xxx/CVE-2022-34181.json +++ b/2022/34xxx/CVE-2022-34181.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34181", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -56,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2549", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34182.json b/2022/34xxx/CVE-2022-34182.json index e027d5d1fc6..687e07b07fc 100644 --- a/2022/34xxx/CVE-2022-34182.json +++ b/2022/34xxx/CVE-2022-34182.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34182", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34183.json b/2022/34xxx/CVE-2022-34183.json index d063d38ccea..0f85644087a 100644 --- a/2022/34xxx/CVE-2022-34183.json +++ b/2022/34xxx/CVE-2022-34183.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34183", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34184.json b/2022/34xxx/CVE-2022-34184.json index 672af997500..b1f7e6f2e4d 100644 --- a/2022/34xxx/CVE-2022-34184.json +++ b/2022/34xxx/CVE-2022-34184.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34184", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34185.json b/2022/34xxx/CVE-2022-34185.json index 49dff03906f..3ed8a65b395 100644 --- a/2022/34xxx/CVE-2022-34185.json +++ b/2022/34xxx/CVE-2022-34185.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34185", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34186.json b/2022/34xxx/CVE-2022-34186.json index bd41dad3083..f7e4d7042f5 100644 --- a/2022/34xxx/CVE-2022-34186.json +++ b/2022/34xxx/CVE-2022-34186.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34186", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34187.json b/2022/34xxx/CVE-2022-34187.json index c4f0a099619..44a16e4cf8d 100644 --- a/2022/34xxx/CVE-2022-34187.json +++ b/2022/34xxx/CVE-2022-34187.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34187", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34188.json b/2022/34xxx/CVE-2022-34188.json index a6c05d061bd..fa2a611266c 100644 --- a/2022/34xxx/CVE-2022-34188.json +++ b/2022/34xxx/CVE-2022-34188.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34188", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34189.json b/2022/34xxx/CVE-2022-34189.json index 593bd694025..60f79e2dd49 100644 --- a/2022/34xxx/CVE-2022-34189.json +++ b/2022/34xxx/CVE-2022-34189.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34189", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34190.json b/2022/34xxx/CVE-2022-34190.json index 96d7e28723a..e2d438b2b00 100644 --- a/2022/34xxx/CVE-2022-34190.json +++ b/2022/34xxx/CVE-2022-34190.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34190", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34191.json b/2022/34xxx/CVE-2022-34191.json index c7ca1bdac88..fa6bd5e4489 100644 --- a/2022/34xxx/CVE-2022-34191.json +++ b/2022/34xxx/CVE-2022-34191.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34191", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34192.json b/2022/34xxx/CVE-2022-34192.json index 14392c029dc..bdd1606afaf 100644 --- a/2022/34xxx/CVE-2022-34192.json +++ b/2022/34xxx/CVE-2022-34192.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34192", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34193.json b/2022/34xxx/CVE-2022-34193.json index eabcb83b01c..ce494f32a1f 100644 --- a/2022/34xxx/CVE-2022-34193.json +++ b/2022/34xxx/CVE-2022-34193.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34193", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34194.json b/2022/34xxx/CVE-2022-34194.json index 512fbf79288..2bd77564599 100644 --- a/2022/34xxx/CVE-2022-34194.json +++ b/2022/34xxx/CVE-2022-34194.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34194", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34195.json b/2022/34xxx/CVE-2022-34195.json index ab67e358723..704e10636fa 100644 --- a/2022/34xxx/CVE-2022-34195.json +++ b/2022/34xxx/CVE-2022-34195.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34195", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34196.json b/2022/34xxx/CVE-2022-34196.json index 94dd9c59739..6d04e074e6e 100644 --- a/2022/34xxx/CVE-2022-34196.json +++ b/2022/34xxx/CVE-2022-34196.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34196", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34197.json b/2022/34xxx/CVE-2022-34197.json index bac7e51700d..28a4c464dfb 100644 --- a/2022/34xxx/CVE-2022-34197.json +++ b/2022/34xxx/CVE-2022-34197.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34197", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34198.json b/2022/34xxx/CVE-2022-34198.json index d161239a08c..c997c1053ec 100644 --- a/2022/34xxx/CVE-2022-34198.json +++ b/2022/34xxx/CVE-2022-34198.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34198", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34199.json b/2022/34xxx/CVE-2022-34199.json index 9a4ee63c0e5..5b031a8c7f6 100644 --- a/2022/34xxx/CVE-2022-34199.json +++ b/2022/34xxx/CVE-2022-34199.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34199", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2064", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34200.json b/2022/34xxx/CVE-2022-34200.json index 6b3101f78aa..e3161b0081d 100644 --- a/2022/34xxx/CVE-2022-34200.json +++ b/2022/34xxx/CVE-2022-34200.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34200", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34201.json b/2022/34xxx/CVE-2022-34201.json index 83bbe9e44af..45eba26b6ce 100644 --- a/2022/34xxx/CVE-2022-34201.json +++ b/2022/34xxx/CVE-2022-34201.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34201", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34202.json b/2022/34xxx/CVE-2022-34202.json index d965f1f8c9d..609cc7987b2 100644 --- a/2022/34xxx/CVE-2022-34202.json +++ b/2022/34xxx/CVE-2022-34202.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34202", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34203.json b/2022/34xxx/CVE-2022-34203.json index 99d19bee3e0..b97e08ffea7 100644 --- a/2022/34xxx/CVE-2022-34203.json +++ b/2022/34xxx/CVE-2022-34203.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34203", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34204.json b/2022/34xxx/CVE-2022-34204.json index 315f6d08be5..b8d207e2608 100644 --- a/2022/34xxx/CVE-2022-34204.json +++ b/2022/34xxx/CVE-2022-34204.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34204", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34205.json b/2022/34xxx/CVE-2022-34205.json index cf48ec65376..eace30e5182 100644 --- a/2022/34xxx/CVE-2022-34205.json +++ b/2022/34xxx/CVE-2022-34205.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34205", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34206.json b/2022/34xxx/CVE-2022-34206.json index 927a5b9524f..469b9e42b30 100644 --- a/2022/34xxx/CVE-2022-34206.json +++ b/2022/34xxx/CVE-2022-34206.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34206", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2240", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34207.json b/2022/34xxx/CVE-2022-34207.json index 16f7cef936d..90a453f8a0c 100644 --- a/2022/34xxx/CVE-2022-34207.json +++ b/2022/34xxx/CVE-2022-34207.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34207", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2248", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34208.json b/2022/34xxx/CVE-2022-34208.json index c79d93abe47..cd179e09e2b 100644 --- a/2022/34xxx/CVE-2022-34208.json +++ b/2022/34xxx/CVE-2022-34208.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34208", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34209.json b/2022/34xxx/CVE-2022-34209.json index 1e7ac9eba75..45dbeb44411 100644 --- a/2022/34xxx/CVE-2022-34209.json +++ b/2022/34xxx/CVE-2022-34209.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34209", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34210.json b/2022/34xxx/CVE-2022-34210.json index 98a8f0099f2..55e566d9578 100644 --- a/2022/34xxx/CVE-2022-34210.json +++ b/2022/34xxx/CVE-2022-34210.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34210", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34211.json b/2022/34xxx/CVE-2022-34211.json index 8ce63fcdbef..b72aeae37a6 100644 --- a/2022/34xxx/CVE-2022-34211.json +++ b/2022/34xxx/CVE-2022-34211.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34211", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -60,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2279", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20220622 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/06/22/3" } ] } diff --git a/2022/34xxx/CVE-2022-34212.json b/2022/34xxx/CVE-2022-34212.json index 986d7ba2503..934ce1afde1 100644 --- a/2022/34xxx/CVE-2022-34212.json +++ b/2022/34xxx/CVE-2022-34212.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34212", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34213.json b/2022/34xxx/CVE-2022-34213.json index 429580932a9..be84fa79c8b 100644 --- a/2022/34xxx/CVE-2022-34213.json +++ b/2022/34xxx/CVE-2022-34213.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2022-34213", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2022/34xxx/CVE-2022-34295.json b/2022/34xxx/CVE-2022-34295.json new file mode 100644 index 00000000000..34a2759e657 --- /dev/null +++ b/2022/34xxx/CVE-2022-34295.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-34295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "totd before 1.5.3 does not properly randomize mesg IDs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner", + "refsource": "MISC", + "name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner" + }, + { + "url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf", + "refsource": "MISC", + "name": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf" + }, + { + "url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399", + "refsource": "MISC", + "name": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399" + }, + { + "url": "https://github.com/fwdillema/totd/releases/tag/1.5.3", + "refsource": "MISC", + "name": "https://github.com/fwdillema/totd/releases/tag/1.5.3" + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34298.json b/2022/34xxx/CVE-2022-34298.json new file mode 100644 index 00000000000..1a6182640f4 --- /dev/null +++ b/2022/34xxx/CVE-2022-34298.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-34298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NT auth module in OpenAM before 14.6.6 allows a \"replace Samba username attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenIdentityPlatform/OpenAM/pull/514", + "refsource": "MISC", + "name": "https://github.com/OpenIdentityPlatform/OpenAM/pull/514" + }, + { + "url": "https://github.com/OpenIdentityPlatform/OpenAM/compare/14.6.5...14.6.6", + "refsource": "MISC", + "name": "https://github.com/OpenIdentityPlatform/OpenAM/compare/14.6.5...14.6.6" + }, + { + "url": "https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/14.6.6", + "refsource": "MISC", + "name": "https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/14.6.6" + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34299.json b/2022/34xxx/CVE-2022-34299.json new file mode 100644 index 00000000000..3582130bad4 --- /dev/null +++ b/2022/34xxx/CVE-2022-34299.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-34299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/davea42/libdwarf-code/issues/119", + "refsource": "MISC", + "name": "https://github.com/davea42/libdwarf-code/issues/119" + }, + { + "url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162", + "refsource": "MISC", + "name": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162" + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34300.json b/2022/34xxx/CVE-2022-34300.json new file mode 100644 index 00000000000..209c087ea73 --- /dev/null +++ b/2022/34xxx/CVE-2022-34300.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-34300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/syoyo/tinyexr/issues/167", + "refsource": "MISC", + "name": "https://github.com/syoyo/tinyexr/issues/167" + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34307.json b/2022/34xxx/CVE-2022-34307.json new file mode 100644 index 00000000000..2032db13b75 --- /dev/null +++ b/2022/34xxx/CVE-2022-34307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34311.json b/2022/34xxx/CVE-2022-34311.json new file mode 100644 index 00000000000..efb351fad78 --- /dev/null +++ b/2022/34xxx/CVE-2022-34311.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34311", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34315.json b/2022/34xxx/CVE-2022-34315.json new file mode 100644 index 00000000000..f2c1001617f --- /dev/null +++ b/2022/34xxx/CVE-2022-34315.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34315", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34317.json b/2022/34xxx/CVE-2022-34317.json new file mode 100644 index 00000000000..f92e7a45f3e --- /dev/null +++ b/2022/34xxx/CVE-2022-34317.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34317", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34320.json b/2022/34xxx/CVE-2022-34320.json new file mode 100644 index 00000000000..5236de6eb3e --- /dev/null +++ b/2022/34xxx/CVE-2022-34320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34321.json b/2022/34xxx/CVE-2022-34321.json new file mode 100644 index 00000000000..fc6d463def0 --- /dev/null +++ b/2022/34xxx/CVE-2022-34321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-34321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file