admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-20 17:00:32 +00:00
parent 76a4b29cc1
commit 2ebd777fdc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 382 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2015/1xxx/CVE-2015-1197.json
View File

@ -91,6 +91,11 @@
"name": "[Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"
}
]
}

48
2020/9xxx/CVE-2020-9285.json
View File

@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2020-9285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/",
"url": "https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device."
}
]
}

5
2021/28xxx/CVE-2021-28861.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-a2be4bd5d8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-15f1aa7dc7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/"
}
]
}

127
2022/2xxx/CVE-2022-2069.json
View File

@ -1,18 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": " Datalogics APDFL library Heap-based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "V13.3.0.5"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "V13.3.0.5"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "V14.0.0.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Siemens reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Siemens recommends updating to the latest version:\nTeamcenter Visualization V13.3: Update to version 13.3.0.5 or later\nTeamcenter Visualization V14.0: Currently no fix available.\nJT2Go V13.3.0.5: Update to version 13.3.0.5 or later\n\nFor more information see Siemens Security Advisory SSA-829738"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid opening untrusted files in JT2Go and Teamcenter Visualization\n\nAs a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u2019 and to follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found on Siemens\u2019 Industrial Security webpage.\n\nFor more information see Siemens Security Advisory SSA-829738"
}
]
}

5
2022/2xxx/CVE-2022-2852.json
View File

@ -59,6 +59,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-3f28aa88cf",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html"
}
]
},

5
2022/2xxx/CVE-2022-2853.json
View File

@ -59,6 +59,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-3f28aa88cf",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169459/Chrome-offline_items_collection-OfflineContentAggregator-OnItemRemoved-Heap-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/169459/Chrome-offline_items_collection-OfflineContentAggregator-OnItemRemoved-Heap-Buffer-Overflow.html"
}
]
},

60
2022/3xxx/CVE-2022-3577.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.19-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write."
}
]
}

5
2022/41xxx/CVE-2022-41352.json
View File

@ -66,6 +66,11 @@
"url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532",
"refsource": "MISC",
"name": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"
}
]
}

56
2022/42xxx/CVE-2022-42233.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md",
"refsource": "MISC",
"name": "https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md"
}
]
}

90
2022/42xxx/CVE-2022-42344.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "NoneT23:00:00.000Z",
"ID": "CVE-2022-42344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "[CVE-2021-36032] Magento IDOR Leads to Account Takeover"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento Commerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2.4.4"
},
{
"version_affected": "<=",
"version_value": "2.3.7-p3"
},
{
"version_affected": "<=",
"version_value": "2.4.3-p2"
},
{
"version_affected": "<=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html",
"name": "https://helpx.adobe.com/security/products/magento/apsb22-38.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}