From 2ebd777fdc2a70ec18b327835f5a9c1d9c1d8e2d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 20 Oct 2022 17:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1197.json | 5 ++ 2020/9xxx/CVE-2020-9285.json | 48 ++++++++++++- 2021/28xxx/CVE-2021-28861.json | 5 ++ 2022/2xxx/CVE-2022-2069.json | 127 +++++++++++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2852.json | 5 ++ 2022/2xxx/CVE-2022-2853.json | 5 ++ 2022/3xxx/CVE-2022-3577.json | 60 +++++++++++++++- 2022/41xxx/CVE-2022-41352.json | 5 ++ 2022/42xxx/CVE-2022-42233.json | 56 +++++++++++++-- 2022/42xxx/CVE-2022-42344.json | 90 +++++++++++++++++++++-- 10 files changed, 382 insertions(+), 24 deletions(-) diff --git a/2015/1xxx/CVE-2015-1197.json b/2015/1xxx/CVE-2015-1197.json index 32e69606f90..7adc21b9476 100644 --- a/2015/1xxx/CVE-2015-1197.json +++ b/2015/1xxx/CVE-2015-1197.json @@ -91,6 +91,11 @@ "name": "[Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html" } ] } diff --git a/2020/9xxx/CVE-2020-9285.json b/2020/9xxx/CVE-2020-9285.json index 0fe1fcd1116..1588e549f06 100644 --- a/2020/9xxx/CVE-2020-9285.json +++ b/2020/9xxx/CVE-2020-9285.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-9285", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/", + "url": "https://tnpitsecurity.com/blog/gaining-root-on-sonos-speakers/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device." } ] } diff --git a/2021/28xxx/CVE-2021-28861.json b/2021/28xxx/CVE-2021-28861.json index 4a8bd4c42eb..e5b98a2a863 100644 --- a/2021/28xxx/CVE-2021-28861.json +++ b/2021/28xxx/CVE-2021-28861.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-a2be4bd5d8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-15f1aa7dc7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/" } ] } diff --git a/2022/2xxx/CVE-2022-2069.json b/2022/2xxx/CVE-2022-2069.json index f1df0262f85..09176222776 100644 --- a/2022/2xxx/CVE-2022-2069.json +++ b/2022/2xxx/CVE-2022-2069.json @@ -1,18 +1,131 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-2069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": " Datalogics APDFL library Heap-based Buffer Overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V13.3.0.5" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V13.3.0.5" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V14.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Siemens" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Siemens reported this vulnerability to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf" + }, + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Siemens recommends updating to the latest version:\nTeamcenter Visualization V13.3: Update to version 13.3.0.5 or later\nTeamcenter Visualization V14.0: Currently no fix available.\nJT2Go V13.3.0.5: Update to version 13.3.0.5 or later\n\nFor more information see Siemens Security Advisory SSA-829738" + } + ], + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Avoid opening untrusted files in JT2Go and Teamcenter Visualization\n\nAs a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u2019 and to follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found on Siemens\u2019 Industrial Security webpage.\n\nFor more information see Siemens Security Advisory SSA-829738" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2852.json b/2022/2xxx/CVE-2022-2852.json index 98e6d8f53f7..ff9b13078ae 100644 --- a/2022/2xxx/CVE-2022-2852.json +++ b/2022/2xxx/CVE-2022-2852.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-3f28aa88cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html", + "url": "http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html" } ] }, diff --git a/2022/2xxx/CVE-2022-2853.json b/2022/2xxx/CVE-2022-2853.json index 167fb6a2bc2..f492c0c415e 100644 --- a/2022/2xxx/CVE-2022-2853.json +++ b/2022/2xxx/CVE-2022-2853.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-3f28aa88cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/169459/Chrome-offline_items_collection-OfflineContentAggregator-OnItemRemoved-Heap-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/169459/Chrome-offline_items_collection-OfflineContentAggregator-OnItemRemoved-Heap-Buffer-Overflow.html" } ] }, diff --git a/2022/3xxx/CVE-2022-3577.json b/2022/3xxx/CVE-2022-3577.json index bdd0154d07a..aa81b63a9bd 100644 --- a/2022/3xxx/CVE-2022-3577.json +++ b/2022/3xxx/CVE-2022-3577.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 5.19-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write." } ] } diff --git a/2022/41xxx/CVE-2022-41352.json b/2022/41xxx/CVE-2022-41352.json index 8122c0b985b..4ca9a6f8d37 100644 --- a/2022/41xxx/CVE-2022-41352.json +++ b/2022/41xxx/CVE-2022-41352.json @@ -66,6 +66,11 @@ "url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532", "refsource": "MISC", "name": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html" } ] } diff --git a/2022/42xxx/CVE-2022-42233.json b/2022/42xxx/CVE-2022-42233.json index 947a36484dd..fa31c4a6566 100644 --- a/2022/42xxx/CVE-2022-42233.json +++ b/2022/42xxx/CVE-2022-42233.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42233", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42233", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md", + "refsource": "MISC", + "name": "https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md" } ] } diff --git a/2022/42xxx/CVE-2022-42344.json b/2022/42xxx/CVE-2022-42344.json index 7eee99848c1..5ac6f4140e1 100644 --- a/2022/42xxx/CVE-2022-42344.json +++ b/2022/42xxx/CVE-2022-42344.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-42344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "[CVE-2021-36032] Magento IDOR Leads to Account Takeover" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.4" + }, + { + "version_affected": "<=", + "version_value": "2.3.7-p3" + }, + { + "version_affected": "<=", + "version_value": "2.4.3-p2" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file