"-Synchronized-Data."

CVE Team 2022-09-28 10:00:37 +00:00
parent 51ade69b8d
commit 325dd3d755
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 408 additions and 324 deletions


@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32166",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Jun 1, 2022, 4:32:50 AM",
"TITLE" : "ovs - buffer over-read"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "ovs",
"product" : {
"product_data" : [ {
"product_name" : "ovs",
"version" : {
"version_data" : [ {
"version_value" : "v0.90.0",
"version_affected" : ">="
}, {
"version_value" : "v2.5.0",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32166",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Jun 1, 2022, 4:32:50 AM",
"TITLE": "ovs - buffer over-read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ovs",
"product": {
"product_data": [
{
"product_name": "ovs",
"version": {
"version_data": [
{
"version_value": "v0.90.0",
"version_affected": ">="
},
{
"version_value": "v2.5.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of \u201cminimasks\u201d function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": 3.1,
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32166",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32166"
},
{
"refsource": "MISC",
"url": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73",
"name": "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v2.5.1 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"version" : 3.1,
"baseScore" : 8.8,
"baseSeverity" : "HIGH"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32166"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/cloudbase/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-125 Out-of-bounds Read"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v2.5.1 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}
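Review bot: The impact claims in this record do not agree with its weakness class: `problemtype` lists only `CWE-125 Out-of-bounds Read`, yet the description promises "memory modification" and the vector carries `I:H`. An over-read on its own accounts for a crash or a disclosure, so either a write-class CWE entry is missing or `"integrityImpact": "HIGH"` and the description overstate the issue; anyone triaging on the 8.8 score should check the referenced fix commit first. Separately, `"version": 3.1` is a JSON number here and in the three other records of this commit, while the CVSS 3.1 JSON schema types that field as a string, so I would write `"version": "3.1"`.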


@ -1,87 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32168",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
"TITLE" : "notepad-plus-plus - DLL Hijacking "
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "notepad-plus-plus",
"product" : {
"product_data" : [ {
"product_name" : "notepad-plus-plus",
"version" : {
"version_data" : [ {
"version_value" : "v8.3",
"version_affected" : ">="
}, {
"version_value" : "v8.4.4",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32168",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
"TITLE": "notepad-plus-plus - DLL Hijacking "
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "notepad-plus-plus",
"product": {
"product_data": [
{
"product_name": "notepad-plus-plus",
"version": {
"version_data": [
{
"version_value": "v8.3",
"version_affected": ">="
},
{
"version_value": "v8.4.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32168",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32168"
},
{
"refsource": "MISC",
"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e",
"name": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update version to v8.4.5 or later"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32168"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-427 Uncontrolled Search Path Element"
} ]
} ]
},
"solution" : [ {
"lang" : "eng",
"value" : "Update version to v8.4.5 or later"
} ],
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}
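Review bot: The affected range is stated three different ways in this record: the description says `8.4.1 and before`, `version_data` bounds it at `>= v8.3` and `<= v8.4.4`, and the solution says to update to `v8.4.5`. Scanners that match on the structured range and people who read the prose will disagree about 8.4.2 through 8.4.4 and about anything older than 8.3. I would reconcile the description with the structured data, for example `Notepad++ versions v8.3 through v8.4.4 are vulnerable to DLL hijacking ...`, once the assigner confirms which bounds are correct.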


@ -1,83 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32169",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
"TITLE" : "bytebase - Improper Authorization"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "bytebase",
"product" : {
"product_data" : [ {
"product_name" : "bytebase",
"version" : {
"version_data" : [ {
"version_value" : "0.1.0",
"version_affected" : ">="
}, {
"version_value" : "1.0.4",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32169",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
"TITLE": "bytebase - Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bytebase",
"product": {
"product_data": [
{
"product_name": "bytebase",
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": ">="
},
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": 3.1,
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32169",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
},
{
"refsource": "MISC",
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187",
"name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"version" : 3.1,
"baseScore" : 4.3,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32169"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-285 Improper Authorization"
} ]
} ]
},
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}
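Review bot: Nothing in this record tells a consumer which release fixes the issue: there is no `solution` entry (the ovs and notepad-plus-plus records in this commit have one), the range simply stops at `<= 1.0.4`, and the only upstream reference is a source view at the 1.0.4 tag, not a fix commit. The same applies to CVE-2022-32170 in the next file. The GitHub fragments are also not in line-range form; `#L108-#L187` should be `#L108-L187` (and `#L166-#L197` should be `#L166-L197`) in both `url` and `name`. Both references point into `frontend/src/store/modules/`, so it is worth confirming with the assigner that the missing authorization check is on the server side and not only in the client.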


@ -1,83 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32170",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
"TITLE" : "bytebase - Improper Authorization"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "bytebase",
"product" : {
"product_data" : [ {
"product_name" : "bytebase",
"version" : {
"version_data" : [ {
"version_value" : "0.1.0",
"version_affected" : ">="
}, {
"version_value" : "1.0.4",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32170",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
"TITLE": "bytebase - Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bytebase",
"product": {
"product_data": [
{
"product_name": "bytebase",
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": ">="
},
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": 3.1,
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
},
{
"refsource": "MISC",
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197",
"name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"version" : 3.1,
"baseScore" : 4.3,
"baseSeverity" : "MEDIUM"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32170"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-285 Improper Authorization"
} ]
} ]
},
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}