diff --git a/2016/10xxx/CVE-2016-10228.json b/2016/10xxx/CVE-2016-10228.json index b82f1f800bb..658ee6b856c 100644 --- a/2016/10xxx/CVE-2016-10228.json +++ b/2016/10xxx/CVE-2016-10228.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2017/20xxx/CVE-2017-20149.json b/2017/20xxx/CVE-2017-20149.json new file mode 100644 index 00000000000..a7a4549bc02 --- /dev/null +++ b/2017/20xxx/CVE-2017-20149.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-20149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/BigNerd95/Chimay-Red", + "refsource": "MISC", + "name": "https://github.com/BigNerd95/Chimay-Red" + }, + { + "url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/", + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7517.json b/2017/7xxx/CVE-2017-7517.json index 079413135d9..cf68b9a5062 100644 --- a/2017/7xxx/CVE-2017-7517.json +++ b/2017/7xxx/CVE-2017-7517.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-7517", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7517", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Hawkular Metrics", + "version": { + "version_data": [ + { + "version_value": "Hawkular Metrics as shipped in Red Hat Openshift 3.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1470414", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470414" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-7517", + "url": "https://access.redhat.com/security/cve/CVE-2017-7517" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance." } ] } diff --git a/2018/17xxx/CVE-2018-17954.json b/2018/17xxx/CVE-2018-17954.json index 5b9bc388c7f..a95fc5c3c43 100644 --- a/2018/17xxx/CVE-2018-17954.json +++ b/2018/17xxx/CVE-2018-17954.json @@ -92,7 +92,7 @@ "description_data": [ { "lang": "eng", - "value": "A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-." + "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-." } ] }, @@ -121,7 +121,7 @@ "description": [ { "lang": "eng", - "value": "CWE-272: Least Privilege Violation" + "value": "CWE-269: Improper Privilege Management" } ] } @@ -143,4 +143,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2018/17xxx/CVE-2018-17956.json b/2018/17xxx/CVE-2018-17956.json index c979017d5c1..10f58eb5151 100644 --- a/2018/17xxx/CVE-2018-17956.json +++ b/2018/17xxx/CVE-2018-17956.json @@ -69,7 +69,7 @@ "description": [ { "lang": "eng", - "value": "CWE-214" + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } @@ -91,4 +91,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2019/14xxx/CVE-2019-14840.json b/2019/14xxx/CVE-2019-14840.json new file mode 100644 index 00000000000..4cd79535cbf --- /dev/null +++ b/2019/14xxx/CVE-2019-14840.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14840", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Business-central", + "version": { + "version_data": [ + { + "version_value": "Business-central as shipped in RHDM 7 and RHPAM 7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1748185", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748185" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2019-14840", + "url": "https://access.redhat.com/security/cve/CVE-2019-14840" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14841.json b/2019/14xxx/CVE-2019-14841.json new file mode 100644 index 00000000000..078f85ddc0c --- /dev/null +++ b/2019/14xxx/CVE-2019-14841.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14841", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Business-central", + "version": { + "version_data": [ + { + "version_value": "Business-central as shipped in RHDM 7 and RHPAM 7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1744801", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744801" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2019-14841", + "url": "https://access.redhat.com/security/cve/CVE-2019-14841" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18899.json b/2019/18xxx/CVE-2019-18899.json index b7f4abd002d..0fc770a0d38 100644 --- a/2019/18xxx/CVE-2019-18899.json +++ b/2019/18xxx/CVE-2019-18899.json @@ -73,7 +73,7 @@ "description": [ { "lang": "eng", - "value": "CWE-250: Execution with Unnecessary Privileges" + "value": "CWE-269: Improper Privilege Management" } ] } @@ -81,11 +81,6 @@ }, "references": { "reference_data": [ - { - "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703", - "refsource": "CONFIRM", - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0124", @@ -95,6 +90,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0146", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703" } ] }, diff --git a/2019/18xxx/CVE-2019-18906.json b/2019/18xxx/CVE-2019-18906.json index 195c5e5a6f9..d28d180eeef 100644 --- a/2019/18xxx/CVE-2019-18906.json +++ b/2019/18xxx/CVE-2019-18906.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4." + "value": "A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4." } ] }, @@ -85,7 +85,7 @@ "description": [ { "lang": "eng", - "value": "CWE-836: Use of Password Hash Instead of Password for Authentication" + "value": "CWE-287: Improper Authentication" } ] } @@ -107,4 +107,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2019/19xxx/CVE-2019-19126.json b/2019/19xxx/CVE-2019-19126.json index 86dd2a7a1c2..487ed0db7f1 100644 --- a/2019/19xxx/CVE-2019-19126.json +++ b/2019/19xxx/CVE-2019-19126.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4416-1", "url": "https://usn.ubuntu.com/4416-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2019/25xxx/CVE-2019-25013.json b/2019/25xxx/CVE-2019-25013.json index 32aedebf292..41aaf0cb727 100644 --- a/2019/25xxx/CVE-2019-25013.json +++ b/2019/25xxx/CVE-2019-25013.json @@ -131,6 +131,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210205-0004/", "url": "https://security.netapp.com/advisory/ntap-20210205-0004/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2020/10xxx/CVE-2020-10029.json b/2020/10xxx/CVE-2020-10029.json index af520bdd9f6..f3d54e102fa 100644 --- a/2020/10xxx/CVE-2020-10029.json +++ b/2020/10xxx/CVE-2020-10029.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4416-1", "url": "https://usn.ubuntu.com/4416-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2020/10xxx/CVE-2020-10735.json b/2020/10xxx/CVE-2020-10735.json index 1cb5f88cf1a..b7c5501b419 100644 --- a/2020/10xxx/CVE-2020-10735.json +++ b/2020/10xxx/CVE-2020-10735.json @@ -148,6 +148,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-ac82a548df", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-d4570fc1a6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b8b34e62ab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/" } ] }, diff --git a/2020/14xxx/CVE-2020-14339.json b/2020/14xxx/CVE-2020-14339.json index eec43a4bfa8..ae764f4876c 100644 --- a/2020/14xxx/CVE-2020-14339.json +++ b/2020/14xxx/CVE-2020-14339.json @@ -53,6 +53,11 @@ "refsource": "GENTOO", "name": "GLSA-202101-22", "url": "https://security.gentoo.org/glsa/202101-22" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-06", + "url": "https://security.gentoo.org/glsa/202210-06" } ] }, diff --git a/2020/1xxx/CVE-2020-1752.json b/2020/1xxx/CVE-2020-1752.json index 9e7ee5fff69..2bbfdde8931 100644 --- a/2020/1xxx/CVE-2020-1752.json +++ b/2020/1xxx/CVE-2020-1752.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1968.json b/2020/1xxx/CVE-2020-1968.json index 0547a73ff75..b8520f97d63 100644 --- a/2020/1xxx/CVE-2020-1968.json +++ b/2020/1xxx/CVE-2020-1968.json @@ -111,6 +111,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2020/25xxx/CVE-2020-25637.json b/2020/25xxx/CVE-2020-25637.json index ca74c8c97b8..60a907a6c5a 100644 --- a/2020/25xxx/CVE-2020-25637.json +++ b/2020/25xxx/CVE-2020-25637.json @@ -58,6 +58,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1777", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-06", + "url": "https://security.gentoo.org/glsa/202210-06" } ] }, diff --git a/2020/26xxx/CVE-2020-26839.json b/2020/26xxx/CVE-2020-26839.json index e87aa2d31c4..d120caa012c 100644 --- a/2020/26xxx/CVE-2020-26839.json +++ b/2020/26xxx/CVE-2020-26839.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26839", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26840.json b/2020/26xxx/CVE-2020-26840.json index c0ab8edfec7..ab0ef1429cb 100644 --- a/2020/26xxx/CVE-2020-26840.json +++ b/2020/26xxx/CVE-2020-26840.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26841.json b/2020/26xxx/CVE-2020-26841.json index e587e571562..8cddbc559b7 100644 --- a/2020/26xxx/CVE-2020-26841.json +++ b/2020/26xxx/CVE-2020-26841.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26842.json b/2020/26xxx/CVE-2020-26842.json index fd3c8060c88..5ad007c3b26 100644 --- a/2020/26xxx/CVE-2020-26842.json +++ b/2020/26xxx/CVE-2020-26842.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26842", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26843.json b/2020/26xxx/CVE-2020-26843.json index 95e71742138..b80a5e44e5a 100644 --- a/2020/26xxx/CVE-2020-26843.json +++ b/2020/26xxx/CVE-2020-26843.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26844.json b/2020/26xxx/CVE-2020-26844.json index c7572f9204c..59b0c3ac772 100644 --- a/2020/26xxx/CVE-2020-26844.json +++ b/2020/26xxx/CVE-2020-26844.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26844", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26845.json b/2020/26xxx/CVE-2020-26845.json index 001ee9f8a29..2cdf7617812 100644 --- a/2020/26xxx/CVE-2020-26845.json +++ b/2020/26xxx/CVE-2020-26845.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26845", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26846.json b/2020/26xxx/CVE-2020-26846.json index bc01c702302..489d051dccf 100644 --- a/2020/26xxx/CVE-2020-26846.json +++ b/2020/26xxx/CVE-2020-26846.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26846", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26847.json b/2020/26xxx/CVE-2020-26847.json index 1b680f7d98d..bbf9a0dddbc 100644 --- a/2020/26xxx/CVE-2020-26847.json +++ b/2020/26xxx/CVE-2020-26847.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26847", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26848.json b/2020/26xxx/CVE-2020-26848.json index 7a87049c5ac..88b0fdead6d 100644 --- a/2020/26xxx/CVE-2020-26848.json +++ b/2020/26xxx/CVE-2020-26848.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26848", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26849.json b/2020/26xxx/CVE-2020-26849.json index 6937b66b6ac..cdfd3f0f303 100644 --- a/2020/26xxx/CVE-2020-26849.json +++ b/2020/26xxx/CVE-2020-26849.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26849", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26850.json b/2020/26xxx/CVE-2020-26850.json index c191adc6e2d..15e1dcc048d 100644 --- a/2020/26xxx/CVE-2020-26850.json +++ b/2020/26xxx/CVE-2020-26850.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26850", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26851.json b/2020/26xxx/CVE-2020-26851.json index 45adf6192ed..fbec9e8cc33 100644 --- a/2020/26xxx/CVE-2020-26851.json +++ b/2020/26xxx/CVE-2020-26851.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26851", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26852.json b/2020/26xxx/CVE-2020-26852.json index 8f2e3c0e827..403fd525975 100644 --- a/2020/26xxx/CVE-2020-26852.json +++ b/2020/26xxx/CVE-2020-26852.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26852", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26853.json b/2020/26xxx/CVE-2020-26853.json index 54c713781fe..ecdf16d6759 100644 --- a/2020/26xxx/CVE-2020-26853.json +++ b/2020/26xxx/CVE-2020-26853.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26853", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26854.json b/2020/26xxx/CVE-2020-26854.json index d89a844db0a..789eab87467 100644 --- a/2020/26xxx/CVE-2020-26854.json +++ b/2020/26xxx/CVE-2020-26854.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26855.json b/2020/26xxx/CVE-2020-26855.json index e94e34733cd..b4bb46454c3 100644 --- a/2020/26xxx/CVE-2020-26855.json +++ b/2020/26xxx/CVE-2020-26855.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26856.json b/2020/26xxx/CVE-2020-26856.json index 8ec46efbc70..c31fb265a23 100644 --- a/2020/26xxx/CVE-2020-26856.json +++ b/2020/26xxx/CVE-2020-26856.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26856", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26857.json b/2020/26xxx/CVE-2020-26857.json index 03ca3799f11..0b9c66fc590 100644 --- a/2020/26xxx/CVE-2020-26857.json +++ b/2020/26xxx/CVE-2020-26857.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26857", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26858.json b/2020/26xxx/CVE-2020-26858.json index b3928e79381..848bc561366 100644 --- a/2020/26xxx/CVE-2020-26858.json +++ b/2020/26xxx/CVE-2020-26858.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26859.json b/2020/26xxx/CVE-2020-26859.json index 0b905da68fa..19ead297e3f 100644 --- a/2020/26xxx/CVE-2020-26859.json +++ b/2020/26xxx/CVE-2020-26859.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26860.json b/2020/26xxx/CVE-2020-26860.json index 27aa192052f..f69cbbd5681 100644 --- a/2020/26xxx/CVE-2020-26860.json +++ b/2020/26xxx/CVE-2020-26860.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26860", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26861.json b/2020/26xxx/CVE-2020-26861.json index 3b7bbc59716..71e17f452ef 100644 --- a/2020/26xxx/CVE-2020-26861.json +++ b/2020/26xxx/CVE-2020-26861.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26861", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26862.json b/2020/26xxx/CVE-2020-26862.json index 501624859e7..dc456d608b2 100644 --- a/2020/26xxx/CVE-2020-26862.json +++ b/2020/26xxx/CVE-2020-26862.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26862", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26863.json b/2020/26xxx/CVE-2020-26863.json index ecb5d23b97d..017d7f4bd3d 100644 --- a/2020/26xxx/CVE-2020-26863.json +++ b/2020/26xxx/CVE-2020-26863.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26863", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26864.json b/2020/26xxx/CVE-2020-26864.json index 684c56ebe23..f6d553ac71a 100644 --- a/2020/26xxx/CVE-2020-26864.json +++ b/2020/26xxx/CVE-2020-26864.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26864", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26865.json b/2020/26xxx/CVE-2020-26865.json index b6fd25b7277..77ee57a9079 100644 --- a/2020/26xxx/CVE-2020-26865.json +++ b/2020/26xxx/CVE-2020-26865.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26865", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/26xxx/CVE-2020-26866.json b/2020/26xxx/CVE-2020-26866.json index 995cbd031fd..55781fc27f9 100644 --- a/2020/26xxx/CVE-2020-26866.json +++ b/2020/26xxx/CVE-2020-26866.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-26866", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none." } ] } diff --git a/2020/27xxx/CVE-2020-27618.json b/2020/27xxx/CVE-2020-27618.json index 86d3f0f934e..206f8fd9e7d 100644 --- a/2020/27xxx/CVE-2020-27618.json +++ b/2020/27xxx/CVE-2020-27618.json @@ -81,6 +81,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2020/35xxx/CVE-2020-35539.json b/2020/35xxx/CVE-2020-35539.json index fc96cbfc3b8..de277bde4c1 100644 --- a/2020/35xxx/CVE-2020-35539.json +++ b/2020/35xxx/CVE-2020-35539.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-35539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Wordpress", + "version": { + "version_data": [ + { + "version_value": "Wordpress 5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2021/Mar/24", + "url": "https://seclists.org/fulldisclosure/2021/Mar/24" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Wordpress 5.1. \"X-Forwarded-For\" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated." } ] } diff --git a/2020/4xxx/CVE-2020-4301.json b/2020/4xxx/CVE-2020-4301.json index 5f23d3a302d..15cbfeb3041 100644 --- a/2020/4xxx/CVE-2020-4301.json +++ b/2020/4xxx/CVE-2020-4301.json @@ -20,6 +20,11 @@ "refsource": "XF", "title": "X-Force Vulnerability Report", "name": "ibm-cognos-cve20204301-csrf (176609)" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] }, diff --git a/2020/6xxx/CVE-2020-6096.json b/2020/6xxx/CVE-2020-6096.json index 88c26296892..1ac4c183391 100644 --- a/2020/6xxx/CVE-2020-6096.json +++ b/2020/6xxx/CVE-2020-6096.json @@ -73,6 +73,11 @@ "refsource": "MISC", "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7774.json b/2020/7xxx/CVE-2020-7774.json index df77dc37075..a7b4b7167cc 100644 --- a/2020/7xxx/CVE-2020-7774.json +++ b/2020/7xxx/CVE-2020-7774.json @@ -83,7 +83,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true" + "value": "The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution." } ] }, diff --git a/2020/8xxx/CVE-2020-8016.json b/2020/8xxx/CVE-2020-8016.json index 5f19f1ce4de..ae71d1f9313 100644 --- a/2020/8xxx/CVE-2020-8016.json +++ b/2020/8xxx/CVE-2020-8016.json @@ -116,7 +116,7 @@ "description": [ { "lang": "eng", - "value": "CWE-363: Race Condition Enabling Link Following" + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" } ] } @@ -124,15 +124,15 @@ }, "references": { "reference_data": [ - { - "name": "https://bugzilla.suse.com/show_bug.cgi?id=1159740", - "refsource": "CONFIRM", - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0804", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1159740", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740" } ] }, diff --git a/2020/8xxx/CVE-2020-8017.json b/2020/8xxx/CVE-2020-8017.json index a8c821d456c..d8bd4c00324 100644 --- a/2020/8xxx/CVE-2020-8017.json +++ b/2020/8xxx/CVE-2020-8017.json @@ -116,7 +116,7 @@ "description": [ { "lang": "eng", - "value": "CWE-363: Race Condition Enabling Link Following" + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" } ] } @@ -124,15 +124,15 @@ }, "references": { "reference_data": [ - { - "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158910", - "refsource": "CONFIRM", - "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0804", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158910", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910" } ] }, diff --git a/2021/0xxx/CVE-2021-0699.json b/2021/0xxx/CVE-2021-0699.json index eba4ad1a00f..ca69eb8f980 100644 --- a/2021/0xxx/CVE-2021-0699.json +++ b/2021/0xxx/CVE-2021-0699.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2022-10-01", + "url": "https://source.android.com/security/bulletin/2022-10-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178" } ] } diff --git a/2021/20xxx/CVE-2021-20030.json b/2021/20xxx/CVE-2021-20030.json index a127a64d0b3..b0be0bbf7e6 100644 --- a/2021/20xxx/CVE-2021-20030.json +++ b/2021/20xxx/CVE-2021-20030.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicWall GMS", + "version": { + "version_data": [ + { + "version_value": "prior GMS 9.3.2" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021" } ] } diff --git a/2021/20xxx/CVE-2021-20468.json b/2021/20xxx/CVE-2021-20468.json index 7b9b8314280..a3677d35d05 100644 --- a/2021/20xxx/CVE-2021-20468.json +++ b/2021/20xxx/CVE-2021-20468.json @@ -21,6 +21,11 @@ "name": "ibm-cognos-cve202120468-csrf (196825)", "title": "X-Force Vulnerability Report", "refsource": "XF" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] }, diff --git a/2021/20xxx/CVE-2021-20594.json b/2021/20xxx/CVE-2021-20594.json index a4b8cec3138..79135e663b3 100644 --- a/2021/20xxx/CVE-2021-20594.json +++ b/2021/20xxx/CVE-2021-20594.json @@ -15,14 +15,14 @@ "product": { "product_data": [ { - "product_name": "MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU", + "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU", "version": { "version_data": [ { - "version_value": "all versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior" }, { - "version_value": "all versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions" } ] } @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf", "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01" } ] }, @@ -63,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names." } ] } diff --git a/2021/20xxx/CVE-2021-20597.json b/2021/20xxx/CVE-2021-20597.json index 766d79467d5..6e4093eaa1c 100644 --- a/2021/20xxx/CVE-2021-20597.json +++ b/2021/20xxx/CVE-2021-20597.json @@ -15,14 +15,14 @@ "product": { "product_data": [ { - "product_name": "MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU", + "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU", "version": { "version_data": [ { - "version_value": "all versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior" }, { - "version_value": "all versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions" } ] } @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://jvn.jp/vu/JVNVU98578731/index.html", "url": "https://jvn.jp/vu/JVNVU98578731/index.html" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01" } ] }, @@ -63,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password." + "value": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password." } ] } diff --git a/2021/20xxx/CVE-2021-20599.json b/2021/20xxx/CVE-2021-20599.json index f128a330eb9..66a454c601e 100644 --- a/2021/20xxx/CVE-2021-20599.json +++ b/2021/20xxx/CVE-2021-20599.json @@ -15,14 +15,14 @@ "product": { "product_data": [ { - "product_name": "MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU; MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU", + "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU Firmware versions \"26\" and prior" }, { - "version_value": "All versions" + "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU All versions" } ] } @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "Authorization Bypass Through User-Controlled Key" + "value": "Cleartext transmission of sensitive information" } ] } @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://jvn.jp/vu/JVNVU98578731", "url": "https://jvn.jp/vu/JVNVU98578731" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03" } ] }, @@ -63,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password." + "value": "Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password." } ] } diff --git a/2021/22xxx/CVE-2021-22235.json b/2021/22xxx/CVE-2021-22235.json index 37fb69533d0..6dafae7fc89 100644 --- a/2021/22xxx/CVE-2021-22235.json +++ b/2021/22xxx/CVE-2021-22235.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/22xxx/CVE-2021-22685.json b/2021/22xxx/CVE-2021-22685.json index 1bd09a79057..28e361c17fa 100644 --- a/2021/22xxx/CVE-2021-22685.json +++ b/2021/22xxx/CVE-2021-22685.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-22685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cassia Networks Access Controller Path Traversal" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Controller", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Cassia Networks" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Amir Preminger and Sharon Brizinov of Claroty reported this vulnerability to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02" + }, + { + "name": "https://www.cassianetworks.com/support/knowledge-base/", + "refsource": "CONFIRM", + "url": "https://www.cassianetworks.com/support/knowledge-base/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Cassia Networks has released a patch (https://www.cassianetworks.com/support/knowledge-base/) that mitigates the reported vulnerability." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27406.json b/2021/27xxx/CVE-2021-27406.json index 268fb5b765b..bf862cffb5b 100644 --- a/2021/27xxx/CVE-2021-27406.json +++ b/2021/27xxx/CVE-2021-27406.json @@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "PerFact OpenVPN-Client" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenVPN-Client", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "1.4.1.0" + } + ] + } + } + ] + }, + "vendor_name": "PerFact" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Sharon Brizinov of Claroty reported this vulnerability to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-15 External Control of System or Configuration Setting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "PerFact has released Version 1.6.0, which mitigates this vulnerability." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27597.json b/2021/27xxx/CVE-2021-27597.json index 524017ffbc9..b12a11dbbd1 100644 --- a/2021/27xxx/CVE-2021-27597.json +++ b/2021/27xxx/CVE-2021-27597.json @@ -128,7 +128,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-125)" } ] } @@ -145,16 +145,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020209", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020209" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/30" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27606.json b/2021/27xxx/CVE-2021-27606.json index e35386f367f..3de458a7a4d 100644 --- a/2021/27xxx/CVE-2021-27606.json +++ b/2021/27xxx/CVE-2021-27606.json @@ -112,7 +112,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-125)" } ] } @@ -129,16 +129,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020104", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020104" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/29" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27607.json b/2021/27xxx/CVE-2021-27607.json index 1a38bcbb81b..68278aabe00 100644 --- a/2021/27xxx/CVE-2021-27607.json +++ b/2021/27xxx/CVE-2021-27607.json @@ -136,7 +136,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-476)" } ] } @@ -153,16 +153,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021197", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021197" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/27" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27620.json b/2021/27xxx/CVE-2021-27620.json index 8a4f672d82d..7fe1503f979 100644 --- a/2021/27xxx/CVE-2021-27620.json +++ b/2021/27xxx/CVE-2021-27620.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27622.json b/2021/27xxx/CVE-2021-27622.json index 873328c1e47..3135411ae40 100644 --- a/2021/27xxx/CVE-2021-27622.json +++ b/2021/27xxx/CVE-2021-27622.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27623.json b/2021/27xxx/CVE-2021-27623.json index 3f48ec40d08..68bd5532a3b 100644 --- a/2021/27xxx/CVE-2021-27623.json +++ b/2021/27xxx/CVE-2021-27623.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } diff --git a/2021/27xxx/CVE-2021-27624.json b/2021/27xxx/CVE-2021-27624.json index 7cb7299203e..fe2cbc488df 100644 --- a/2021/27xxx/CVE-2021-27624.json +++ b/2021/27xxx/CVE-2021-27624.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27625.json b/2021/27xxx/CVE-2021-27625.json index 95cde8f4934..bec0aa21fac 100644 --- a/2021/27xxx/CVE-2021-27625.json +++ b/2021/27xxx/CVE-2021-27625.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27626.json b/2021/27xxx/CVE-2021-27626.json index 1f1675f7cbf..db7cd2ac9d1 100644 --- a/2021/27xxx/CVE-2021-27626.json +++ b/2021/27xxx/CVE-2021-27626.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27627.json b/2021/27xxx/CVE-2021-27627.json index 63bc305641c..d04d8c29cb6 100644 --- a/2021/27xxx/CVE-2021-27627.json +++ b/2021/27xxx/CVE-2021-27627.json @@ -68,7 +68,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -85,16 +85,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021050", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021050" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/31" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27628.json b/2021/27xxx/CVE-2021-27628.json index 4e58808682b..1bc84e67d3f 100644 --- a/2021/27xxx/CVE-2021-27628.json +++ b/2021/27xxx/CVE-2021-27628.json @@ -136,7 +136,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -153,16 +153,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3021197", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3021197" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/27" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27629.json b/2021/27xxx/CVE-2021-27629.json index d4c85771ea4..1735d5514e8 100644 --- a/2021/27xxx/CVE-2021-27629.json +++ b/2021/27xxx/CVE-2021-27629.json @@ -112,7 +112,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-125)" } ] } @@ -129,16 +129,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020104", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020104" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/29" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27630.json b/2021/27xxx/CVE-2021-27630.json index f6e56fef01f..1add297e04b 100644 --- a/2021/27xxx/CVE-2021-27630.json +++ b/2021/27xxx/CVE-2021-27630.json @@ -112,7 +112,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-476)" } ] } @@ -129,16 +129,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020104", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020104" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/29" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27631.json b/2021/27xxx/CVE-2021-27631.json index c8887c0ef63..4616160dc56 100644 --- a/2021/27xxx/CVE-2021-27631.json +++ b/2021/27xxx/CVE-2021-27631.json @@ -112,7 +112,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-476)" } ] } @@ -129,16 +129,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020104", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020104" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/29" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27632.json b/2021/27xxx/CVE-2021-27632.json index b9941779c2c..5e4a9f6f090 100644 --- a/2021/27xxx/CVE-2021-27632.json +++ b/2021/27xxx/CVE-2021-27632.json @@ -112,7 +112,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-476)" } ] } @@ -129,16 +129,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020104", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020104" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/29" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27633.json b/2021/27xxx/CVE-2021-27633.json index 0fde84cd25f..8ea97d6e46c 100644 --- a/2021/27xxx/CVE-2021-27633.json +++ b/2021/27xxx/CVE-2021-27633.json @@ -128,7 +128,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -145,16 +145,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020209", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020209" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/30" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27634.json b/2021/27xxx/CVE-2021-27634.json index 6411cb59889..d1658fd151e 100644 --- a/2021/27xxx/CVE-2021-27634.json +++ b/2021/27xxx/CVE-2021-27634.json @@ -128,7 +128,7 @@ "description": [ { "lang": "eng", - "value": "Improper Input Validation (CWE-20)" + "value": "Improper Input Validation (CWE-787)" } ] } @@ -145,16 +145,6 @@ "url": "https://launchpad.support.sap.com/#/notes/3020209", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3020209" - }, - { - "refsource": "FULLDISC", - "name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service", - "url": "http://seclists.org/fulldisclosure/2021/Oct/30" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html", - "url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html" } ] } diff --git a/2021/27xxx/CVE-2021-27645.json b/2021/27xxx/CVE-2021-27645.json index f27bffd63a2..65bb5d92755 100644 --- a/2021/27xxx/CVE-2021-27645.json +++ b/2021/27xxx/CVE-2021-27645.json @@ -71,6 +71,11 @@ "refsource": "GENTOO", "name": "GLSA-202107-07", "url": "https://security.gentoo.org/glsa/202107-07" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2021/28xxx/CVE-2021-28875.json b/2021/28xxx/CVE-2021-28875.json index 71af262831d..38519c1ad53 100644 --- a/2021/28xxx/CVE-2021-28875.json +++ b/2021/28xxx/CVE-2021-28875.json @@ -61,6 +61,11 @@ "url": "https://github.com/rust-lang/rust/pull/80895", "refsource": "MISC", "name": "https://github.com/rust-lang/rust/pull/80895" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/28xxx/CVE-2021-28876.json b/2021/28xxx/CVE-2021-28876.json index 1b6e8acf047..bc2bc707a3c 100644 --- a/2021/28xxx/CVE-2021-28876.json +++ b/2021/28xxx/CVE-2021-28876.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d7f74f0250", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/28xxx/CVE-2021-28877.json b/2021/28xxx/CVE-2021-28877.json index 109f1093d8e..e06ca605d75 100644 --- a/2021/28xxx/CVE-2021-28877.json +++ b/2021/28xxx/CVE-2021-28877.json @@ -56,6 +56,11 @@ "url": "https://github.com/rust-lang/rust/pull/80670", "refsource": "MISC", "name": "https://github.com/rust-lang/rust/pull/80670" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/28xxx/CVE-2021-28878.json b/2021/28xxx/CVE-2021-28878.json index 3c8c6949dd6..1b9c685b113 100644 --- a/2021/28xxx/CVE-2021-28878.json +++ b/2021/28xxx/CVE-2021-28878.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d7f74f0250", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/28xxx/CVE-2021-28879.json b/2021/28xxx/CVE-2021-28879.json index 81a84280307..c6f369dedf6 100644 --- a/2021/28xxx/CVE-2021-28879.json +++ b/2021/28xxx/CVE-2021-28879.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d7f74f0250", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/29xxx/CVE-2021-29823.json b/2021/29xxx/CVE-2021-29823.json index 04ea08ed036..3d7ff48924e 100644 --- a/2021/29xxx/CVE-2021-29823.json +++ b/2021/29xxx/CVE-2021-29823.json @@ -20,6 +20,11 @@ "refsource": "XF", "name": "ibm-cognos-cve202129823-csrf (204465)", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] }, diff --git a/2021/29xxx/CVE-2021-29922.json b/2021/29xxx/CVE-2021-29922.json index cf1031b2d91..51d182c05f8 100644 --- a/2021/29xxx/CVE-2021-29922.json +++ b/2021/29xxx/CVE-2021-29922.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis", "url": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/30xxx/CVE-2021-30496.json b/2021/30xxx/CVE-2021-30496.json index b970b0bf2dd..b3952a1f06d 100644 --- a/2021/30xxx/CVE-2021-30496.json +++ b/2021/30xxx/CVE-2021-30496.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework." + "value": "** DISPUTED ** The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that \"this behavior can't be considered a vulnerability.\"" } ] }, diff --git a/2021/31xxx/CVE-2021-31162.json b/2021/31xxx/CVE-2021-31162.json index ba693d60c2b..1ea7522d0b5 100644 --- a/2021/31xxx/CVE-2021-31162.json +++ b/2021/31xxx/CVE-2021-31162.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://github.com/rust-lang/rust/pull/84603", "url": "https://github.com/rust-lang/rust/pull/84603" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/31xxx/CVE-2021-31997.json b/2021/31xxx/CVE-2021-31997.json index e13fbbb3379..ca5bb30b4c3 100644 --- a/2021/31xxx/CVE-2021-31997.json +++ b/2021/31xxx/CVE-2021-31997.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions." + "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions." } ] }, @@ -85,7 +85,7 @@ "description": [ { "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')" } ] } @@ -107,4 +107,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2021/32xxx/CVE-2021-32000.json b/2021/32xxx/CVE-2021-32000.json index a7358e181e3..d86a9edad92 100644 --- a/2021/32xxx/CVE-2021-32000.json +++ b/2021/32xxx/CVE-2021-32000.json @@ -104,7 +104,7 @@ "description": [ { "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "value": "Improper Link Resolution Before File Access ('Link Following')" } ] } @@ -126,4 +126,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2021/33xxx/CVE-2021-33574.json b/2021/33xxx/CVE-2021-33574.json index 398dad8c722..51211be1b2b 100644 --- a/2021/33xxx/CVE-2021-33574.json +++ b/2021/33xxx/CVE-2021-33574.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-f29b4643c7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2021/35xxx/CVE-2021-35942.json b/2021/35xxx/CVE-2021-35942.json index b99962ab5b0..92bf1fe98da 100644 --- a/2021/35xxx/CVE-2021-35942.json +++ b/2021/35xxx/CVE-2021-35942.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-24", "url": "https://security.gentoo.org/glsa/202208-24" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2021/36xxx/CVE-2021-36201.json b/2021/36xxx/CVE-2021-36201.json index fee7210b4ce..d10509097f1 100644 --- a/2021/36xxx/CVE-2021-36201.json +++ b/2021/36xxx/CVE-2021-36201.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Under certain circumstances a C\u2022CURE Portal user could enumerate user accounts in C\u2022CURE 9000 version 2.90 and prior versions. This issue affects: C\u2022CURE 9000 2.90 and earlier version 2.90 and prior versions." + "value": "Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions." } ] }, diff --git a/2021/36xxx/CVE-2021-36317.json b/2021/36xxx/CVE-2021-36317.json index 4e6ca36b0b9..ee1233e4cc2 100644 --- a/2021/36xxx/CVE-2021-36317.json +++ b/2021/36xxx/CVE-2021-36317.json @@ -66,6 +66,11 @@ "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000193369", "name": "https://www.dell.com/support/kbdoc/000193369" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/36xxx/CVE-2021-36318.json b/2021/36xxx/CVE-2021-36318.json index 8d2d9c20d38..45b24453345 100644 --- a/2021/36xxx/CVE-2021-36318.json +++ b/2021/36xxx/CVE-2021-36318.json @@ -66,6 +66,11 @@ "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000193369", "name": "https://www.dell.com/support/kbdoc/000193369" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/36xxx/CVE-2021-36778.json b/2021/36xxx/CVE-2021-36778.json index 93d01cd20e5..bd0736f2373 100644 --- a/2021/36xxx/CVE-2021-36778.json +++ b/2021/36xxx/CVE-2021-36778.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3." + "value": "A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3." } ] }, @@ -85,7 +85,7 @@ "description": [ { "lang": "eng", - "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + "value": "CWE-863: Incorrect Authorization" } ] } @@ -107,4 +107,4 @@ ], "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2021/39xxx/CVE-2021-39009.json b/2021/39xxx/CVE-2021-39009.json index 0915403babe..00b2893b33d 100644 --- a/2021/39xxx/CVE-2021-39009.json +++ b/2021/39xxx/CVE-2021-39009.json @@ -90,6 +90,11 @@ "title": "X-Force Vulnerability Report", "name": "ibm-cognos-cve202139009-info-disc (213554)", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } diff --git a/2021/39xxx/CVE-2021-39045.json b/2021/39xxx/CVE-2021-39045.json index c39502bfa5d..c289b46dd36 100644 --- a/2021/39xxx/CVE-2021-39045.json +++ b/2021/39xxx/CVE-2021-39045.json @@ -90,6 +90,11 @@ "name": "ibm-cognos-cve202139045-info-disc (214345)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } diff --git a/2021/39xxx/CVE-2021-39920.json b/2021/39xxx/CVE-2021-39920.json index 2b14869fc9d..243b8e648f4 100644 --- a/2021/39xxx/CVE-2021-39920.json +++ b/2021/39xxx/CVE-2021-39920.json @@ -73,6 +73,11 @@ "refsource": "DEBIAN", "name": "DSA-5019", "url": "https://www.debian.org/security/2021/dsa-5019" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39921.json b/2021/39xxx/CVE-2021-39921.json index 6b3302e3739..d42811c2fc5 100644 --- a/2021/39xxx/CVE-2021-39921.json +++ b/2021/39xxx/CVE-2021-39921.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39922.json b/2021/39xxx/CVE-2021-39922.json index 6c777d1723a..d7405de60e8 100644 --- a/2021/39xxx/CVE-2021-39922.json +++ b/2021/39xxx/CVE-2021-39922.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39924.json b/2021/39xxx/CVE-2021-39924.json index 7f0865044dc..ac53e447d51 100644 --- a/2021/39xxx/CVE-2021-39924.json +++ b/2021/39xxx/CVE-2021-39924.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39925.json b/2021/39xxx/CVE-2021-39925.json index 466231cec8e..7fb1f9b04e9 100644 --- a/2021/39xxx/CVE-2021-39925.json +++ b/2021/39xxx/CVE-2021-39925.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39926.json b/2021/39xxx/CVE-2021-39926.json index d76a573565f..178b57582a4 100644 --- a/2021/39xxx/CVE-2021-39926.json +++ b/2021/39xxx/CVE-2021-39926.json @@ -73,6 +73,11 @@ "refsource": "DEBIAN", "name": "DSA-5019", "url": "https://www.debian.org/security/2021/dsa-5019" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39928.json b/2021/39xxx/CVE-2021-39928.json index 2a4a4934815..9c7c7cb195b 100644 --- a/2021/39xxx/CVE-2021-39928.json +++ b/2021/39xxx/CVE-2021-39928.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/39xxx/CVE-2021-39929.json b/2021/39xxx/CVE-2021-39929.json index d403b5224b6..1a06cfc0f58 100644 --- a/2021/39xxx/CVE-2021-39929.json +++ b/2021/39xxx/CVE-2021-39929.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/3xxx/CVE-2021-3326.json b/2021/3xxx/CVE-2021-3326.json index 3032238bb0b..d7d6db5f809 100644 --- a/2021/3xxx/CVE-2021-3326.json +++ b/2021/3xxx/CVE-2021-3326.json @@ -86,6 +86,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2021/3xxx/CVE-2021-3427.json b/2021/3xxx/CVE-2021-3427.json index d9a3f5352c0..d5a4078063e 100644 --- a/2021/3xxx/CVE-2021-3427.json +++ b/2021/3xxx/CVE-2021-3427.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg", "url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-07", + "url": "https://security.gentoo.org/glsa/202210-07" } ] }, diff --git a/2021/3xxx/CVE-2021-3631.json b/2021/3xxx/CVE-2021-3631.json index 36ac01ca15b..b4b5fa452c3 100644 --- a/2021/3xxx/CVE-2021-3631.json +++ b/2021/3xxx/CVE-2021-3631.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220331-0010/", "url": "https://security.netapp.com/advisory/ntap-20220331-0010/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-06", + "url": "https://security.gentoo.org/glsa/202210-06" } ] }, diff --git a/2021/3xxx/CVE-2021-3667.json b/2021/3xxx/CVE-2021-3667.json index 0631dd92350..7c9b6bd69c4 100644 --- a/2021/3xxx/CVE-2021-3667.json +++ b/2021/3xxx/CVE-2021-3667.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220331-0005/", "url": "https://security.netapp.com/advisory/ntap-20220331-0005/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-06", + "url": "https://security.gentoo.org/glsa/202210-06" } ] }, diff --git a/2021/3xxx/CVE-2021-3711.json b/2021/3xxx/CVE-2021-3711.json index a88793177e4..f1f024fa315 100644 --- a/2021/3xxx/CVE-2021-3711.json +++ b/2021/3xxx/CVE-2021-3711.json @@ -141,6 +141,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-02", "url": "https://security.gentoo.org/glsa/202209-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2021/3xxx/CVE-2021-3712.json b/2021/3xxx/CVE-2021-3712.json index ba00d936379..ea365bfc769 100644 --- a/2021/3xxx/CVE-2021-3712.json +++ b/2021/3xxx/CVE-2021-3712.json @@ -164,6 +164,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-02", "url": "https://security.gentoo.org/glsa/202209-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2021/3xxx/CVE-2021-3807.json b/2021/3xxx/CVE-2021-3807.json index 408d5cf7625..b9fdd724edb 100644 --- a/2021/3xxx/CVE-2021-3807.json +++ b/2021/3xxx/CVE-2021-3807.json @@ -92,6 +92,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0002/" } ] }, diff --git a/2021/3xxx/CVE-2021-3999.json b/2021/3xxx/CVE-2021-3999.json index 22dc424e826..d364a8dbdb5 100644 --- a/2021/3xxx/CVE-2021-3999.json +++ b/2021/3xxx/CVE-2021-3999.json @@ -73,6 +73,11 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2021-3999", "url": "https://security-tracker.debian.org/tracker/CVE-2021-3999" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] }, diff --git a/2021/40xxx/CVE-2021-40017.json b/2021/40xxx/CVE-2021-40017.json index c0b012ed0c4..663ec5f31dd 100644 --- a/2021/40xxx/CVE-2021-40017.json +++ b/2021/40xxx/CVE-2021-40017.json @@ -1,44 +1,38 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40017", + "ASSIGNER": "psirt@huawei.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "HarmonyOS", + "product_name": "HarmonyOS;EMUI", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "2.0" + "version_value": "HarmonyOS 2.0" + }, + { + "version_value": "EMUI 12.0.0,EMUI 11.0.1" } ] } } ] - }, - "vendor_name": "Huawei" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -54,9 +48,22 @@ "references": { "reference_data": [ { - "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845", "refsource": "MISC", - "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845" + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845" + }, + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access." } ] } diff --git a/2021/42xxx/CVE-2021-42574.json b/2021/42xxx/CVE-2021-42574.json index 05f27ffeeef..7fbfbaa8f50 100644 --- a/2021/42xxx/CVE-2021-42574.json +++ b/2021/42xxx/CVE-2021-42574.json @@ -136,6 +136,11 @@ "refsource": "MISC", "name": "https://www.starwindsoftware.com/security/sw-20220804-0002/", "url": "https://www.starwindsoftware.com/security/sw-20220804-0002/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/42xxx/CVE-2021-42694.json b/2021/42xxx/CVE-2021-42694.json index a41ca22bd8a..7dd6cbebd40 100644 --- a/2021/42xxx/CVE-2021-42694.json +++ b/2021/42xxx/CVE-2021-42694.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "https://cwe.mitre.org/data/definitions/1007.html", "url": "https://cwe.mitre.org/data/definitions/1007.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] } diff --git a/2021/43xxx/CVE-2021-43466.json b/2021/43xxx/CVE-2021-43466.json index 2f63cf4f1b0..56f632596ae 100644 --- a/2021/43xxx/CVE-2021-43466.json +++ b/2021/43xxx/CVE-2021-43466.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://vuldb.com/?id.186365", "url": "https://vuldb.com/?id.186365" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0001/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0001/" } ] } diff --git a/2021/43xxx/CVE-2021-43618.json b/2021/43xxx/CVE-2021-43618.json index b486b04ea7d..47357d180a1 100644 --- a/2021/43xxx/CVE-2021-43618.json +++ b/2021/43xxx/CVE-2021-43618.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" + }, + { + "refsource": "FULLDISC", + "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", + "url": "http://seclists.org/fulldisclosure/2022/Oct/8" } ] } diff --git a/2021/45xxx/CVE-2021-45386.json b/2021/45xxx/CVE-2021-45386.json index 52079a67a00..450ac7d5c08 100644 --- a/2021/45xxx/CVE-2021-45386.json +++ b/2021/45xxx/CVE-2021-45386.json @@ -56,6 +56,11 @@ "url": "https://github.com/appneta/tcpreplay/issues/687", "refsource": "MISC", "name": "https://github.com/appneta/tcpreplay/issues/687" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2021/45xxx/CVE-2021-45387.json b/2021/45xxx/CVE-2021-45387.json index a7d6f3cd5c7..e533876799b 100644 --- a/2021/45xxx/CVE-2021-45387.json +++ b/2021/45xxx/CVE-2021-45387.json @@ -56,6 +56,11 @@ "url": "https://github.com/appneta/tcpreplay/issues/687", "refsource": "MISC", "name": "https://github.com/appneta/tcpreplay/issues/687" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2021/45xxx/CVE-2021-45948.json b/2021/45xxx/CVE-2021-45948.json index 9324842a9da..8c1c587345a 100644 --- a/2021/45xxx/CVE-2021-45948.json +++ b/2021/45xxx/CVE-2021-45948.json @@ -61,6 +61,11 @@ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416", "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-01", + "url": "https://security.gentoo.org/glsa/202210-01" } ] } diff --git a/2021/46xxx/CVE-2021-46839.json b/2021/46xxx/CVE-2021-46839.json index 9ada699a240..65c0aa7caae 100644 --- a/2021/46xxx/CVE-2021-46839.json +++ b/2021/46xxx/CVE-2021-46839.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-46839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of length check vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2021/46xxx/CVE-2021-46840.json b/2021/46xxx/CVE-2021-46840.json index 46c4e54c833..98ce137e852 100644 --- a/2021/46xxx/CVE-2021-46840.json +++ b/2021/46xxx/CVE-2021-46840.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-46840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2021/4xxx/CVE-2021-4160.json b/2021/4xxx/CVE-2021-4160.json index 90873da2b4b..38b539bed8e 100644 --- a/2021/4xxx/CVE-2021-4160.json +++ b/2021/4xxx/CVE-2021-4160.json @@ -112,6 +112,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2021/4xxx/CVE-2021-4181.json b/2021/4xxx/CVE-2021-4181.json index c92ea7fbc90..d4067dead21 100644 --- a/2021/4xxx/CVE-2021-4181.json +++ b/2021/4xxx/CVE-2021-4181.json @@ -81,6 +81,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4182.json b/2021/4xxx/CVE-2021-4182.json index 19d69f032ed..509f8281e41 100644 --- a/2021/4xxx/CVE-2021-4182.json +++ b/2021/4xxx/CVE-2021-4182.json @@ -76,6 +76,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4183.json b/2021/4xxx/CVE-2021-4183.json index 64f43a1d963..0ce149006b7 100644 --- a/2021/4xxx/CVE-2021-4183.json +++ b/2021/4xxx/CVE-2021-4183.json @@ -73,6 +73,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4184.json b/2021/4xxx/CVE-2021-4184.json index 0abb6c4f9e2..ca64c92c0a1 100644 --- a/2021/4xxx/CVE-2021-4184.json +++ b/2021/4xxx/CVE-2021-4184.json @@ -81,6 +81,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4185.json b/2021/4xxx/CVE-2021-4185.json index 1b6cbb2560f..5e0a85540ba 100644 --- a/2021/4xxx/CVE-2021-4185.json +++ b/2021/4xxx/CVE-2021-4185.json @@ -81,6 +81,11 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4186.json b/2021/4xxx/CVE-2021-4186.json index b07f9544f66..ddf27946307 100644 --- a/2021/4xxx/CVE-2021-4186.json +++ b/2021/4xxx/CVE-2021-4186.json @@ -78,6 +78,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-48b86d586f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2021/4xxx/CVE-2021-4190.json b/2021/4xxx/CVE-2021-4190.json index 6ec424d9098..4246c3689f6 100644 --- a/2021/4xxx/CVE-2021-4190.json +++ b/2021/4xxx/CVE-2021-4190.json @@ -68,6 +68,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-30411cb3c4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0135.json b/2022/0xxx/CVE-2022-0135.json index 92039bd90af..a01efe47a7c 100644 --- a/2022/0xxx/CVE-2022-0135.json +++ b/2022/0xxx/CVE-2022-0135.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2037790", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037790" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-05", + "url": "https://security.gentoo.org/glsa/202210-05" } ] }, diff --git a/2022/0xxx/CVE-2022-0175.json b/2022/0xxx/CVE-2022-0175.json index b6237229c6e..dd2300372ed 100644 --- a/2022/0xxx/CVE-2022-0175.json +++ b/2022/0xxx/CVE-2022-0175.json @@ -68,6 +68,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-0175", "url": "https://access.redhat.com/security/cve/CVE-2022-0175" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-05", + "url": "https://security.gentoo.org/glsa/202210-05" } ] }, diff --git a/2022/0xxx/CVE-2022-0581.json b/2022/0xxx/CVE-2022-0581.json index c873b5ef487..48dfaeb7990 100644 --- a/2022/0xxx/CVE-2022-0581.json +++ b/2022/0xxx/CVE-2022-0581.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0582.json b/2022/0xxx/CVE-2022-0582.json index d3b853c484a..fa2d43db283 100644 --- a/2022/0xxx/CVE-2022-0582.json +++ b/2022/0xxx/CVE-2022-0582.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0583.json b/2022/0xxx/CVE-2022-0583.json index 55aa4187eec..e702846c6dd 100644 --- a/2022/0xxx/CVE-2022-0583.json +++ b/2022/0xxx/CVE-2022-0583.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0585.json b/2022/0xxx/CVE-2022-0585.json index 67187b47513..f2874db27c2 100644 --- a/2022/0xxx/CVE-2022-0585.json +++ b/2022/0xxx/CVE-2022-0585.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0586.json b/2022/0xxx/CVE-2022-0586.json index fa60a6c6827..0e6718bf90b 100644 --- a/2022/0xxx/CVE-2022-0586.json +++ b/2022/0xxx/CVE-2022-0586.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-04", + "url": "https://security.gentoo.org/glsa/202210-04" } ] }, diff --git a/2022/0xxx/CVE-2022-0699.json b/2022/0xxx/CVE-2022-0699.json index b4e23c8b031..d2742eca257 100644 --- a/2022/0xxx/CVE-2022-0699.json +++ b/2022/0xxx/CVE-2022-0699.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "shapelib", + "version": { + "version_data": [ + { + "version_value": "shapelib 1.5.0 and older releases" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/OSGeo/shapelib/issues/39", + "url": "https://github.com/OSGeo/shapelib/issues/39" + }, + { + "refsource": "MISC", + "name": "https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f", + "url": "https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc." } ] } diff --git a/2022/0xxx/CVE-2022-0778.json b/2022/0xxx/CVE-2022-0778.json index 9d66b4c3f5e..aaefa71ab6a 100644 --- a/2022/0xxx/CVE-2022-0778.json +++ b/2022/0xxx/CVE-2022-0778.json @@ -207,6 +207,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2022/0xxx/CVE-2022-0897.json b/2022/0xxx/CVE-2022-0897.json index cdfa4a8e1ba..78685241840 100644 --- a/2022/0xxx/CVE-2022-0897.json +++ b/2022/0xxx/CVE-2022-0897.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063883" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-06", + "url": "https://security.gentoo.org/glsa/202210-06" } ] }, diff --git a/2022/1xxx/CVE-2022-1259.json b/2022/1xxx/CVE-2022-1259.json index 74a6a272e73..74d8144ba60 100644 --- a/2022/1xxx/CVE-2022-1259.json +++ b/2022/1xxx/CVE-2022-1259.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-1259", "url": "https://access.redhat.com/security/cve/CVE-2022-1259" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0006/" } ] }, diff --git a/2022/1xxx/CVE-2022-1292.json b/2022/1xxx/CVE-2022-1292.json index d9f496f6cc5..079c9b82560 100644 --- a/2022/1xxx/CVE-2022-1292.json +++ b/2022/1xxx/CVE-2022-1292.json @@ -132,6 +132,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220729-0004/", "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2022/1xxx/CVE-2022-1319.json b/2022/1xxx/CVE-2022-1319.json index bcb707d4072..60af7c71ef5 100644 --- a/2022/1xxx/CVE-2022-1319.json +++ b/2022/1xxx/CVE-2022-1319.json @@ -68,6 +68,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-1319", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0006/" } ] }, diff --git a/2022/1xxx/CVE-2022-1354.json b/2022/1xxx/CVE-2022-1354.json index b4883ecdfae..733efeef447 100644 --- a/2022/1xxx/CVE-2022-1354.json +++ b/2022/1xxx/CVE-2022-1354.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-1354", "url": "https://access.redhat.com/security/cve/CVE-2022-1354" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0007/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0007/" } ] }, diff --git a/2022/1xxx/CVE-2022-1355.json b/2022/1xxx/CVE-2022-1355.json index eed62c5ea21..1e329cb4696 100644 --- a/2022/1xxx/CVE-2022-1355.json +++ b/2022/1xxx/CVE-2022-1355.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-1355", "url": "https://access.redhat.com/security/cve/CVE-2022-1355" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0007/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0007/" } ] }, diff --git a/2022/1xxx/CVE-2022-1473.json b/2022/1xxx/CVE-2022-1473.json index 42b67924186..17f6068a5c5 100644 --- a/2022/1xxx/CVE-2022-1473.json +++ b/2022/1xxx/CVE-2022-1473.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220602-0009/", "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2022/20xxx/CVE-2022-20231.json b/2022/20xxx/CVE-2022-20231.json index a8fcbfc26a0..f0b7a950b2b 100644 --- a/2022/20xxx/CVE-2022-20231.json +++ b/2022/20xxx/CVE-2022-20231.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2022-09-01", - "url": "https://source.android.com/security/bulletin/pixel/2022-09-01" + "name": "https://source.android.com/security/bulletin/pixel/2022-10-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-10-01" } ] }, diff --git a/2022/20xxx/CVE-2022-20364.json b/2022/20xxx/CVE-2022-20364.json index 11944d177cf..ce1dd23eb5c 100644 --- a/2022/20xxx/CVE-2022-20364.json +++ b/2022/20xxx/CVE-2022-20364.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2022-09-01", - "url": "https://source.android.com/security/bulletin/pixel/2022-09-01" + "name": "https://source.android.com/security/bulletin/pixel/2022-10-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-10-01" } ] }, diff --git a/2022/20xxx/CVE-2022-20397.json b/2022/20xxx/CVE-2022-20397.json index d30aae9b67a..08e1014e39f 100644 --- a/2022/20xxx/CVE-2022-20397.json +++ b/2022/20xxx/CVE-2022-20397.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-10-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-10-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20464.json b/2022/20xxx/CVE-2022-20464.json index 534b2308238..d8cfd9327de 100644 --- a/2022/20xxx/CVE-2022-20464.json +++ b/2022/20xxx/CVE-2022-20464.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-10-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-10-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A" } ] } diff --git a/2022/21xxx/CVE-2022-21658.json b/2022/21xxx/CVE-2022-21658.json index abd36edfb9b..2428c6e5685 100644 --- a/2022/21xxx/CVE-2022-21658.json +++ b/2022/21xxx/CVE-2022-21658.json @@ -146,6 +146,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT213193", "url": "https://support.apple.com/kb/HT213193" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] }, diff --git a/2022/21xxx/CVE-2022-21944.json b/2022/21xxx/CVE-2022-21944.json index 59c2fac42a4..41cadc5171f 100644 --- a/2022/21xxx/CVE-2022-21944.json +++ b/2022/21xxx/CVE-2022-21944.json @@ -85,7 +85,7 @@ "description": [ { "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')" } ] } @@ -107,4 +107,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2022/22xxx/CVE-2022-22128.json b/2022/22xxx/CVE-2022-22128.json index 99d41f55532..4d571a797c4 100644 --- a/2022/22xxx/CVE-2022-22128.json +++ b/2022/22xxx/CVE-2022-22128.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@salesforce.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Tableau Server", + "version": { + "version_data": [ + { + "version_value": "2022.1 - 2022.1.42021.4 - 2021.4.92021.3 - 2021.3.142021.2 - 2021.2.152021.1 - 2021.1.172020.4 - 2020.4.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://help.salesforce.com/s/articleView?id=000367027&type=1", + "url": "https://help.salesforce.com/s/articleView?id=000367027&type=1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent\u2019s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates." } ] } diff --git a/2022/22xxx/CVE-2022-22818.json b/2022/22xxx/CVE-2022-22818.json index 0eaca8d96ab..2b0e6cb7cc3 100644 --- a/2022/22xxx/CVE-2022-22818.json +++ b/2022/22xxx/CVE-2022-22818.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220221-0003/", "url": "https://security.netapp.com/advisory/ntap-20220221-0003/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/22xxx/CVE-2022-22947.json b/2022/22xxx/CVE-2022-22947.json index 295909507b0..cfe09c53784 100644 --- a/2022/22xxx/CVE-2022-22947.json +++ b/2022/22xxx/CVE-2022-22947.json @@ -63,6 +63,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23218.json b/2022/23xxx/CVE-2022-23218.json index 92aa624ad17..12b5e7ef4b6 100644 --- a/2022/23xxx/CVE-2022-23218.json +++ b/2022/23xxx/CVE-2022-23218.json @@ -66,6 +66,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-24", "url": "https://security.gentoo.org/glsa/202208-24" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2022/23xxx/CVE-2022-23219.json b/2022/23xxx/CVE-2022-23219.json index f60fa04e455..0561d8b1793 100644 --- a/2022/23xxx/CVE-2022-23219.json +++ b/2022/23xxx/CVE-2022-23219.json @@ -66,6 +66,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-24", "url": "https://security.gentoo.org/glsa/202208-24" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } diff --git a/2022/23xxx/CVE-2022-23308.json b/2022/23xxx/CVE-2022-23308.json index 1c28e30da48..be7f40f1438 100644 --- a/2022/23xxx/CVE-2022-23308.json +++ b/2022/23xxx/CVE-2022-23308.json @@ -141,6 +141,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT213254", "url": "https://support.apple.com/kb/HT213254" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-03", + "url": "https://security.gentoo.org/glsa/202210-03" } ] } diff --git a/2022/23xxx/CVE-2022-23769.json b/2022/23xxx/CVE-2022-23769.json index dcf3b4cfc43..cc52cd374b3 100644 --- a/2022/23xxx/CVE-2022-23769.json +++ b/2022/23xxx/CVE-2022-23769.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2022-23769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Secuever reverseWall-MDS Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "reverseWall-MDS", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_value": "3.8 A007" + } + ] + } + } + ] + }, + "vendor_name": "Secuever Co.,Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66962", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66962" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23770.json b/2022/23xxx/CVE-2022-23770.json index f0437128167..18adbe7b5c8 100644 --- a/2022/23xxx/CVE-2022-23770.json +++ b/2022/23xxx/CVE-2022-23770.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2022-23770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WISA Smart Wing CMS Remote Command Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Wing CMS", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<", + "version_value": "ver.19051" + } + ] + } + } + ] + }, + "vendor_name": "WISA corp." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66963" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23771.json b/2022/23xxx/CVE-2022-23771.json index 21e86b2c3bb..9f439c20fc0 100644 --- a/2022/23xxx/CVE-2022-23771.json +++ b/2022/23xxx/CVE-2022-23771.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2022-23771", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "IPTIME NAS1DUAL CSRF Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NAS1dual, NAS2dual, NAS4dual", + "version": { + "version_data": [ + { + "platform": "Linux, Windows and etc..", + "version_affected": "<", + "version_value": "1.4.86" + } + ] + } + } + ] + }, + "vendor_name": "EFM Networks Co., Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66964", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66964" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23833.json b/2022/23xxx/CVE-2022-23833.json index c9bf2eb4ce8..e1fae756ad3 100644 --- a/2022/23xxx/CVE-2022-23833.json +++ b/2022/23xxx/CVE-2022-23833.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220221-0003/", "url": "https://security.netapp.com/advisory/ntap-20220221-0003/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/24xxx/CVE-2022-24697.json b/2022/24xxx/CVE-2022-24697.json index cf285a620dc..4deae1957df 100644 --- a/2022/24xxx/CVE-2022-24697.json +++ b/2022/24xxx/CVE-2022-24697.json @@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-24697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Kylin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Apache Kylin 2", + "version_value": "2.6.6" + }, + { + "version_affected": "<=", + "version_name": "Apache Kylin 3", + "version_value": "3.1.2" + }, + { + "version_affected": "<=", + "version_name": "Apache Kylin 4", + "version_value": "4.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "important" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4", + "name": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 ." + } + ] } \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26375.json b/2022/26xxx/CVE-2022-26375.json index 31db37e30a0..78cbc1ea0fb 100644 --- a/2022/26xxx/CVE-2022-26375.json +++ b/2022/26xxx/CVE-2022-26375.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-10-12T16:31:00.000Z", "ID": "CVE-2022-26375", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AB Press Optimizer (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.1.1", + "version_value": "1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Mammothology" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/ab-press-optimizer-lite/wordpress-ab-press-optimizer-plugin-1-1-1-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/ab-press-optimizer-lite/wordpress-ab-press-optimizer-plugin-1-1-1-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + }, + { + "name": "https://wordpress.org/plugins/ab-press-optimizer-lite/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/ab-press-optimizer-lite/" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/27xxx/CVE-2022-27416.json b/2022/27xxx/CVE-2022-27416.json index bc856cb496f..0e4de187b6d 100644 --- a/2022/27xxx/CVE-2022-27416.json +++ b/2022/27xxx/CVE-2022-27416.json @@ -56,6 +56,11 @@ "url": "https://github.com/appneta/tcpreplay/issues/702", "refsource": "MISC", "name": "https://github.com/appneta/tcpreplay/issues/702" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/27xxx/CVE-2022-27418.json b/2022/27xxx/CVE-2022-27418.json index 76cc699f6de..abdf6008c13 100644 --- a/2022/27xxx/CVE-2022-27418.json +++ b/2022/27xxx/CVE-2022-27418.json @@ -56,6 +56,11 @@ "url": "https://github.com/appneta/tcpreplay/issues/703", "refsource": "MISC", "name": "https://github.com/appneta/tcpreplay/issues/703" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/27xxx/CVE-2022-27939.json b/2022/27xxx/CVE-2022-27939.json index 878b10cdec6..7768614fb47 100644 --- a/2022/27xxx/CVE-2022-27939.json +++ b/2022/27xxx/CVE-2022-27939.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/27xxx/CVE-2022-27940.json b/2022/27xxx/CVE-2022-27940.json index 5cd6086a383..d4c10d9a183 100644 --- a/2022/27xxx/CVE-2022-27940.json +++ b/2022/27xxx/CVE-2022-27940.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/27xxx/CVE-2022-27941.json b/2022/27xxx/CVE-2022-27941.json index f73e30b8f13..e419bed633b 100644 --- a/2022/27xxx/CVE-2022-27941.json +++ b/2022/27xxx/CVE-2022-27941.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/27xxx/CVE-2022-27942.json b/2022/27xxx/CVE-2022-27942.json index c7910454efb..f6cb7c12e5a 100644 --- a/2022/27xxx/CVE-2022-27942.json +++ b/2022/27xxx/CVE-2022-27942.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/28xxx/CVE-2022-28291.json b/2022/28xxx/CVE-2022-28291.json index 80decdfbc17..82f25d315eb 100644 --- a/2022/28xxx/CVE-2022-28291.json +++ b/2022/28xxx/CVE-2022-28291.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-28291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclose@cybersecurityworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nessus Professional ", + "version": { + "version_data": [ + { + "version_value": "Version 10.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cybersecurityworks.com/blog/zero-days/csw-expert-discovers-a-zero-day-vulnerability-in-tenables-nessus-scanner.html", + "url": "https://cybersecurityworks.com/blog/zero-days/csw-expert-discovers-a-zero-day-vulnerability-in-tenables-nessus-scanner.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the \u201cnessusd\u201d process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers\u2019 network of assets." } ] } diff --git a/2022/28xxx/CVE-2022-28346.json b/2022/28xxx/CVE-2022-28346.json index 1ca43eac281..18b5b2518da 100644 --- a/2022/28xxx/CVE-2022-28346.json +++ b/2022/28xxx/CVE-2022-28346.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220609-0002/", "url": "https://security.netapp.com/advisory/ntap-20220609-0002/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/28xxx/CVE-2022-28347.json b/2022/28xxx/CVE-2022-28347.json index efb3ddac029..e5a2c8d69e1 100644 --- a/2022/28xxx/CVE-2022-28347.json +++ b/2022/28xxx/CVE-2022-28347.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/", "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/28xxx/CVE-2022-28487.json b/2022/28xxx/CVE-2022-28487.json index 17f56225f76..51fcd101918 100644 --- a/2022/28xxx/CVE-2022-28487.json +++ b/2022/28xxx/CVE-2022-28487.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/28xxx/CVE-2022-28697.json b/2022/28xxx/CVE-2022-28697.json index 6e5afe321a3..b1e964d50b9 100644 --- a/2022/28xxx/CVE-2022-28697.json +++ b/2022/28xxx/CVE-2022-28697.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0004/" } ] }, diff --git a/2022/28xxx/CVE-2022-28759.json b/2022/28xxx/CVE-2022-28759.json index 11efae9d3d7..e78cb132153 100644 --- a/2022/28xxx/CVE-2022-28759.json +++ b/2022/28xxx/CVE-2022-28759.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@zoom.us", + "DATE_PUBLIC": "2022-09-13", "ID": "CVE-2022-28759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Zoom On-Premise Deployments: Improper Access Control" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom On-Premise Meeting Connector MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.20220815.130" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/28xxx/CVE-2022-28760.json b/2022/28xxx/CVE-2022-28760.json index 910f71754d9..5d6c366fc34 100644 --- a/2022/28xxx/CVE-2022-28760.json +++ b/2022/28xxx/CVE-2022-28760.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@zoom.us", + "DATE_PUBLIC": "2022-09-13", "ID": "CVE-2022-28760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Zoom On-Premise Deployments: Improper Access Control" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom On-Premise Meeting Connector MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.20220815.130" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/28xxx/CVE-2022-28761.json b/2022/28xxx/CVE-2022-28761.json index d7118f2fbf4..25ddfb7b6f0 100644 --- a/2022/28xxx/CVE-2022-28761.json +++ b/2022/28xxx/CVE-2022-28761.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@zoom.us", + "DATE_PUBLIC": "2022-10-11", "ID": "CVE-2022-28761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Zoom On-Premise Deployments: Improper Access Control" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom On-Premise Meeting Connector MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.20220916.131" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/28xxx/CVE-2022-28762.json b/2022/28xxx/CVE-2022-28762.json index f8b6f014b87..74f5cd97e92 100644 --- a/2022/28xxx/CVE-2022-28762.json +++ b/2022/28xxx/CVE-2022-28762.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@zoom.us", + "DATE_PUBLIC": "2022-10-11", "ID": "CVE-2022-28762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom Client for Meetings for MacOS", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_value": "5.10.6" + }, + { + "version_affected": "<", + "version_value": "5.12.0" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-16 Misconfiguration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29824.json b/2022/29xxx/CVE-2022-29824.json index ea7ae43aed1..5abfc329d18 100644 --- a/2022/29xxx/CVE-2022-29824.json +++ b/2022/29xxx/CVE-2022-29824.json @@ -111,6 +111,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220715-0006/", "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-03", + "url": "https://security.gentoo.org/glsa/202210-03" } ] } diff --git a/2022/2xxx/CVE-2022-2052.json b/2022/2xxx/CVE-2022-2052.json index 32d4a9c35b7..0c8f9554c15 100644 --- a/2022/2xxx/CVE-2022-2052.json +++ b/2022/2xxx/CVE-2022-2052.json @@ -1,18 +1,146 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "info@cert.vde.com", + "DATE_PUBLIC": "2022-10-17T08:00:00.000Z", "ID": "CVE-2022-2052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "TRUMPF TruTops default user accounts vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TruTops Monitor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "TruTops Fab", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "Oseon", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "1.6" + } + ] + } + }, + { + "product_name": "Job Order Interface", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "TruTops Boost with option Inventory of sheets and remainder sheets", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + }, + { + "product_name": "TruTops Boost with option Graphic separation of cut parts", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + } + ] + }, + "vendor_name": "TRUMPF Werkzeugmaschinen SE + Co. KG" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/en/advisories/VDE-2022-023/", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en/advisories/VDE-2022-023/" + } + ] + }, + "source": { + "advisory": "VDE-2022-023", + "defect": [ + "CERT@VDE#64131" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2097.json b/2022/2xxx/CVE-2022-2097.json index ca848a9c979..477cdcc5028 100644 --- a/2022/2xxx/CVE-2022-2097.json +++ b/2022/2xxx/CVE-2022-2097.json @@ -104,6 +104,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-41890e9e44", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-02", + "url": "https://security.gentoo.org/glsa/202210-02" } ] } diff --git a/2022/2xxx/CVE-2022-2428.json b/2022/2xxx/CVE-2022-2428.json index ed682f23a34..5f32c944889 100644 --- a/2022/2xxx/CVE-2022-2428.json +++ b/2022/2xxx/CVE-2022-2428.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.0, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/362272", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362272", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1563379", + "url": "https://hackerone.com/reports/1563379", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2455.json b/2022/2xxx/CVE-2022-2455.json index 1aac81f8496..82627190ceb 100644 --- a/2022/2xxx/CVE-2022-2455.json +++ b/2022/2xxx/CVE-2022-2455.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2455", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=10.0, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/359964", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/359964", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1542230", + "url": "https://hackerone.com/reports/1542230", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2455.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [0xn3va](https://hackerone.com/0xn3va) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2527.json b/2022/2xxx/CVE-2022-2527.json index cc5a15fe952..3a30ff9c263 100644 --- a/2022/2xxx/CVE-2022-2527.json +++ b/2022/2xxx/CVE-2022-2527.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.3, <15.3.2" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=14.9, <15.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/368676", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/368676", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1647446", + "url": "https://hackerone.com/reports/1647446", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 7.2, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2533.json b/2022/2xxx/CVE-2022-2533.json index 891767ba675..800138b9389 100644 --- a/2022/2xxx/CVE-2022-2533.json +++ b/2022/2xxx/CVE-2022-2533.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=12.10, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/363863", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363863", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team." + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2563.json b/2022/2xxx/CVE-2022-2563.json index 95d7cd25731..3726e7625d5 100644 --- a/2022/2xxx/CVE-2022-2563.json +++ b/2022/2xxx/CVE-2022-2563.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2563", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS – eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.10", + "version_value": "2.0.10" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/98cd761c-7527-4224-965d-d34472b5c19f", + "name": "https://wpscan.com/vulnerability/98cd761c-7527-4224-965d-d34472b5c19f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "lucy" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2574.json b/2022/2xxx/CVE-2022-2574.json index 8404152c074..78edd3aaa46 100644 --- a/2022/2xxx/CVE-2022-2574.json +++ b/2022/2xxx/CVE-2022-2574.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2574", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Meks Easy Social Share", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.8", + "version_value": "1.2.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9dec8ac7-befd-4c9d-9a9e-7da9e395dbf2", + "name": "https://wpscan.com/vulnerability/9dec8ac7-befd-4c9d-9a9e-7da9e395dbf2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2592.json b/2022/2xxx/CVE-2022-2592.json index 25abdaa72d1..911fd410e16 100644 --- a/2022/2xxx/CVE-2022-2592.json +++ b/2022/2xxx/CVE-2022-2592.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=12.9.8, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/362566", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362566", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1544507", + "url": "https://hackerone.com/reports/1544507", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [cryptopone](https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2630.json b/2022/2xxx/CVE-2022-2630.json index 81b11171409..0abc4399307 100644 --- a/2022/2xxx/CVE-2022-2630.json +++ b/2022/2xxx/CVE-2022-2630.json @@ -4,15 +4,94 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/369429", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/369429", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1652853", + "url": "https://hackerone.com/reports/1652853", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2720.json b/2022/2xxx/CVE-2022-2720.json index 31625d3f113..091ddcea718 100644 --- a/2022/2xxx/CVE-2022-2720.json +++ b/2022/2xxx/CVE-2022-2720.json @@ -23,7 +23,7 @@ "version_affected": ">=" }, { - "version_value": "2022.1.3180", + "version_value": "2022.1.3134", "version_affected": "<" }, { @@ -31,7 +31,7 @@ "version_affected": ">=" }, { - "version_value": "2022.2.7965", + "version_value": "2022.2.7934", "version_affected": "<" }, { diff --git a/2022/2xxx/CVE-2022-2764.json b/2022/2xxx/CVE-2022-2764.json index 62d245491ee..42b76aec25a 100644 --- a/2022/2xxx/CVE-2022-2764.json +++ b/2022/2xxx/CVE-2022-2764.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0006/" } ] }, diff --git a/2022/2xxx/CVE-2022-2780.json b/2022/2xxx/CVE-2022-2780.json index fca4f069238..a2053b99774 100644 --- a/2022/2xxx/CVE-2022-2780.json +++ b/2022/2xxx/CVE-2022-2780.json @@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@octopus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octopus Deploy", + "product": { + "product_data": [ + { + "product_name": "Octopus Server", + "version": { + "version_data": [ + { + "version_value": "2021.2.994", + "version_affected": ">=" + }, + { + "version_value": "2022.1.3180", + "version_affected": "<" + }, + { + "version_value": "2022.2.6729", + "version_affected": ">=" + }, + { + "version_value": "2022.2.7965", + "version_affected": "<" + }, + { + "version_value": "2022.3.348", + "version_affected": ">=" + }, + { + "version_value": "2022.3.10586", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass by Capture-Replay" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.octopus.com/post/2022/sa2022-20/", + "refsource": "MISC", + "name": "https://advisories.octopus.com/post/2022/sa2022-20/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack." } ] } diff --git a/2022/2xxx/CVE-2022-2828.json b/2022/2xxx/CVE-2022-2828.json index cc85b1f9385..25c32af5740 100644 --- a/2022/2xxx/CVE-2022-2828.json +++ b/2022/2xxx/CVE-2022-2828.json @@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@octopus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octopus Deploy", + "product": { + "product_data": [ + { + "product_name": "Octopus Server", + "version": { + "version_data": [ + { + "version_value": "2022.1.2121", + "version_affected": ">=" + }, + { + "version_value": "2022.1.3135", + "version_affected": "<" + }, + { + "version_value": "2022.2.6729", + "version_affected": ">=" + }, + { + "version_value": "2022.2.7897", + "version_affected": "<" + }, + { + "version_value": "2022.3.348", + "version_affected": ">=" + }, + { + "version_value": "2022.3.10586", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.octopus.com/post/2022/sa2022-19/", + "refsource": "MISC", + "name": "https://advisories.octopus.com/post/2022/sa2022-19/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability" } ] } diff --git a/2022/2xxx/CVE-2022-2834.json b/2022/2xxx/CVE-2022-2834.json index f5694e7ab85..970066121ee 100644 --- a/2022/2xxx/CVE-2022-2834.json +++ b/2022/2xxx/CVE-2022-2834.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2834", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Helpful < 4.5.26 - Information Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Helpful", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.26", + "version_value": "4.5.26" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae", + "name": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Information Exposure", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Aleksi Kistauri" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2850.json b/2022/2xxx/CVE-2022-2850.json index e21345e2ca6..8f73d9c5089 100644 --- a/2022/2xxx/CVE-2022-2850.json +++ b/2022/2xxx/CVE-2022-2850.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "389-ds-base", + "version": { + "version_data": [ + { + "version_value": "389-ds-base-2.0.x+" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-2850", + "url": "https://access.redhat.com/security/cve/CVE-2022-2850" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514." } ] } diff --git a/2022/2xxx/CVE-2022-2865.json b/2022/2xxx/CVE-2022-2865.json index bb112a96a3c..2bfab2cdedf 100644 --- a/2022/2xxx/CVE-2022-2865.json +++ b/2022/2xxx/CVE-2022-2865.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=9.0, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/370873", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/370873", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1665658", + "url": "https://hackerone.com/reports/1665658", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 7.2, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2879.json b/2022/2xxx/CVE-2022-2879.json index 81ec110ba0d..2ee8fd1b583 100644 --- a/2022/2xxx/CVE-2022-2879.json +++ b/2022/2xxx/CVE-2022-2879.json @@ -1,18 +1,92 @@ { + "CVE_data_meta": { + "ASSIGNER": "security@golang.org", + "ID": "CVE-2022-2879", + "STATE": "PUBLIC" + }, "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2879", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "archive/tar", + "version": { + "version_data": [ + { + "version_value": "1.18.7", + "version_affected": "<" + }, + { + "version_value": "1.19.0", + "version_affected": ">=" + }, + { + "version_value": "1.19.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Go standard library" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://go.dev/issue/54853", + "refsource": "MISC", + "name": "https://go.dev/issue/54853" + }, + { + "url": "https://go.dev/cl/439355", + "refsource": "MISC", + "name": "https://go.dev/cl/439355" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-1037", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-1037" + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Adam Korczynski (ADA Logics) and OSS-Fuzz" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2880.json b/2022/2xxx/CVE-2022-2880.json index bd6b610996d..c836c55c12f 100644 --- a/2022/2xxx/CVE-2022-2880.json +++ b/2022/2xxx/CVE-2022-2880.json @@ -1,18 +1,92 @@ { + "CVE_data_meta": { + "ASSIGNER": "security@golang.org", + "ID": "CVE-2022-2880", + "STATE": "PUBLIC" + }, "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2880", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "net/http/httputil", + "version": { + "version_data": [ + { + "version_value": "1.18.7", + "version_affected": "<" + }, + { + "version_value": "1.19.0", + "version_affected": ">=" + }, + { + "version_value": "1.19.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Go standard library" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444: Inconsistent Interpretation of HTTP Requests" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" + }, + { + "url": "https://go.dev/issue/54663", + "refsource": "MISC", + "name": "https://go.dev/issue/54663" + }, + { + "url": "https://go.dev/cl/432976", + "refsource": "MISC", + "name": "https://go.dev/cl/432976" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-1038", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-1038" + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Gal Goldstein (Security Researcher, Oxeye) and Daniel Abeles (Head of Research, Oxeye)" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2884.json b/2022/2xxx/CVE-2022-2884.json index add3eff0864..86572461d3c 100644 --- a/2022/2xxx/CVE-2022-2884.json +++ b/2022/2xxx/CVE-2022-2884.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.3.4, <15.1.5" + }, + { + "version_value": ">=15.2, <15.2.3" + }, + { + "version_value": ">=15.3, <15.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of special elements used in an os command ('os command injection') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/371098", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/371098", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1672388", + "url": "https://hackerone.com/reports/1672388", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2908.json b/2022/2xxx/CVE-2022-2908.json index ccac865bc5e..8115b1474d7 100644 --- a/2022/2xxx/CVE-2022-2908.json +++ b/2022/2xxx/CVE-2022-2908.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=10.7, <15.1.5" + }, + { + "version_value": ">=15.2, <15.2.3" + }, + { + "version_value": ">=15.3, <15.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/363734", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363734", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1584156", + "url": "https://hackerone.com/reports/1584156", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [ryhmnlfj](https://hackerone.com/ryhmnlfj) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2928.json b/2022/2xxx/CVE-2022-2928.json index d14b85ea172..a262634b998 100644 --- a/2022/2xxx/CVE-2022-2928.json +++ b/2022/2xxx/CVE-2022-2928.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-f5a45757df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" } ] }, diff --git a/2022/2xxx/CVE-2022-2929.json b/2022/2xxx/CVE-2022-2929.json index 6c0c7c5f1d4..621455b5182 100644 --- a/2022/2xxx/CVE-2022-2929.json +++ b/2022/2xxx/CVE-2022-2929.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-f5a45757df", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" } ] }, diff --git a/2022/2xxx/CVE-2022-2931.json b/2022/2xxx/CVE-2022-2931.json index 465abcf5f3f..4e34b19d551 100644 --- a/2022/2xxx/CVE-2022-2931.json +++ b/2022/2xxx/CVE-2022-2931.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": " <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/1543718", + "url": "https://hackerone.com/reports/1543718", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/361982", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/361982", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks legit-security(https://hackerone.com/legit-security) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2953.json b/2022/2xxx/CVE-2022-2953.json index 0f317f29cf4..5855887d5cf 100644 --- a/2022/2xxx/CVE-2022-2953.json +++ b/2022/2xxx/CVE-2022-2953.json @@ -58,6 +58,11 @@ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json", "refsource": "CONFIRM" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0008/" } ] }, diff --git a/2022/2xxx/CVE-2022-2963.json b/2022/2xxx/CVE-2022-2963.json index 35e0c7acca4..ea426b2a2be 100644 --- a/2022/2xxx/CVE-2022-2963.json +++ b/2022/2xxx/CVE-2022-2963.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "jasper", + "version": { + "version_data": [ + { + "version_value": "jasper 3.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory leaks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-2963", + "url": "https://access.redhat.com/security/cve/CVE-2022-2963" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587" + }, + { + "refsource": "MISC", + "name": "https://github.com/jasper-software/jasper/issues/332", + "url": "https://github.com/jasper-software/jasper/issues/332" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault." } ] } diff --git a/2022/2xxx/CVE-2022-2984.json b/2022/2xxx/CVE-2022-2984.json index cc50494b797..0b32d93d886 100644 --- a/2022/2xxx/CVE-2022-2984.json +++ b/2022/2xxx/CVE-2022-2984.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-2984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", + "version": { + "version_data": [ + { + "version_value": "Android10/Android11/Android12" + } + ] + } + } + ] + }, + "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738" } ] } diff --git a/2022/2xxx/CVE-2022-2985.json b/2022/2xxx/CVE-2022-2985.json index fc0d6ed9a95..dff82fdddd0 100644 --- a/2022/2xxx/CVE-2022-2985.json +++ b/2022/2xxx/CVE-2022-2985.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-2985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2992.json b/2022/2xxx/CVE-2022-2992.json index edc411126eb..c6576986e48 100644 --- a/2022/2xxx/CVE-2022-2992.json +++ b/2022/2xxx/CVE-2022-2992.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.10, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of special elements used in a command ('command injection') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/371884", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/371884", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1679624", + "url": "https://hackerone.com/reports/1679624", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/30xxx/CVE-2022-30601.json b/2022/30xxx/CVE-2022-30601.json index 8ed341928b8..69ffe1fb507 100644 --- a/2022/30xxx/CVE-2022-30601.json +++ b/2022/30xxx/CVE-2022-30601.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0004/" } ] }, diff --git a/2022/30xxx/CVE-2022-30614.json b/2022/30xxx/CVE-2022-30614.json index fb46ce69d9b..81882f27cd7 100644 --- a/2022/30xxx/CVE-2022-30614.json +++ b/2022/30xxx/CVE-2022-30614.json @@ -12,6 +12,11 @@ "refsource": "XF", "name": "ibm-cognos-cve202230614-dos (227591)", "title": "X-Force Vulnerability Report" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] }, diff --git a/2022/30xxx/CVE-2022-30944.json b/2022/30xxx/CVE-2022-30944.json index af9e5083c60..3fbfee87a14 100644 --- a/2022/30xxx/CVE-2022-30944.json +++ b/2022/30xxx/CVE-2022-30944.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0004/" } ] }, diff --git a/2022/31xxx/CVE-2022-31123.json b/2022/31xxx/CVE-2022-31123.json index 1786ad01075..c66d2f5816f 100644 --- a/2022/31xxx/CVE-2022-31123.json +++ b/2022/31xxx/CVE-2022-31123.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Grafana plugin signature bypass vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "grafana", + "version": { + "version_data": [ + { + "version_value": "< 8.5.14" + }, + { + "version_value": ">= 9.0.0, < 9.1.8" + } + ] + } + } + ] + }, + "vendor_name": "grafana" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8", + "refsource": "CONFIRM", + "url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8" + }, + { + "name": "https://github.com/grafana/grafana/releases/tag/v9.1.8", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/releases/tag/v9.1.8" + } + ] + }, + "source": { + "advisory": "GHSA-rhxj-gh46-jvw8", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31129.json b/2022/31xxx/CVE-2022-31129.json index 3ed7df4c801..8fd1155170b 100644 --- a/2022/31xxx/CVE-2022-31129.json +++ b/2022/31xxx/CVE-2022-31129.json @@ -108,6 +108,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-798fd95813", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0003/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0003/" } ] }, diff --git a/2022/31xxx/CVE-2022-31130.json b/2022/31xxx/CVE-2022-31130.json index b20999883ca..c2afc061c37 100644 --- a/2022/31xxx/CVE-2022-31130.json +++ b/2022/31xxx/CVE-2022-31130.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "grafana", + "version": { + "version_data": [ + { + "version_value": "< 8.5.14" + }, + { + "version_value": ">= 9.0.0, < 9.1.8" + } + ] + } + } + ] + }, + "vendor_name": "grafana" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/grafana/grafana/releases/tag/v9.1.8", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/releases/tag/v9.1.8" + }, + { + "name": "https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc", + "refsource": "CONFIRM", + "url": "https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc" + }, + { + "name": "https://github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177" + }, + { + "name": "https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f" + } + ] + }, + "source": { + "advisory": "GHSA-jv32-5578-pxjc", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31250.json b/2022/31xxx/CVE-2022-31250.json index 2972dea788c..aaf23c75514 100644 --- a/2022/31xxx/CVE-2022-31250.json +++ b/2022/31xxx/CVE-2022-31250.json @@ -73,7 +73,7 @@ "description": [ { "lang": "eng", - "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')" } ] } @@ -95,4 +95,4 @@ ], "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2022/31xxx/CVE-2022-31814.json b/2022/31xxx/CVE-2022-31814.json index 06889907b57..adc94b29b1e 100644 --- a/2022/31xxx/CVE-2022-31814.json +++ b/2022/31xxx/CVE-2022-31814.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/", "url": "https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.html" } ] } diff --git a/2022/32xxx/CVE-2022-32149.json b/2022/32xxx/CVE-2022-32149.json index c5c58b23c50..68f0fffe1c4 100644 --- a/2022/32xxx/CVE-2022-32149.json +++ b/2022/32xxx/CVE-2022-32149.json @@ -1,18 +1,84 @@ { + "CVE_data_meta": { + "ASSIGNER": "security@golang.org", + "ID": "CVE-2022-32149", + "STATE": "PUBLIC" + }, "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-32149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "golang.org/x/text/language", + "version": { + "version_data": [ + { + "version_value": "0.3.8", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "golang.org/x/text" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://go.dev/issue/56152", + "refsource": "MISC", + "name": "https://go.dev/issue/56152" + }, + { + "url": "https://go.dev/cl/442235", + "refsource": "MISC", + "name": "https://go.dev/cl/442235" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-1059", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-1059" + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Adam Korczynski (ADA Logics) and OSS-Fuzz" + } + ] } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32176.json b/2022/32xxx/CVE-2022-32176.json index 0889c153127..86c2f3081cd 100644 --- a/2022/32xxx/CVE-2022-32176.json +++ b/2022/32xxx/CVE-2022-32176.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-32176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "CVE_data_meta" : { + "ASSIGNER" : "vulnerabilitylab@mend.io", + "ID" : "CVE-2022-32176", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "Oct 11, 2022, 12:00:00 AM", + "TITLE" : "Gin-vue-admin - Unrestricted File Upload" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { + "vendor_name" : "gin-vue-admin", + "product" : { + "product_data" : [ { + "product_name" : "gin-vue-admin", + "version" : { + "version_data" : [ { + "version_value" : "v2.5.1", + "version_affected" : ">=" + }, { + "version_value" : "v2.5.3b", + "version_affected" : "<=" + } ] } - ] + } ] + } + } ] } -} \ No newline at end of file + }, + "credit" : [ { + "lang" : "eng", + "value" : "Mend Vulnerability Research Team (MVR)" + } ], + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { + "lang" : "eng", + "value" : "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the \"Compress Upload\" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover." + } ] + }, + "generator" : { + "engine" : "Vulnogram 0.0.9" + }, + "impact" : { + "cvss" : { + "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "LOW", + "scope" : "CHANGED", + "userInteraction" : "REQUIRED", + "version" : 3.1, + "baseScore" : 9.0, + "baseSeverity" : "CRITICAL" + } + }, + "references" : { + "reference_data" : [ { + "refsource" : "MISC", + "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32176" + }, { + "refsource" : "CONFIRM", + "url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/image.vue#L43-L49" + } ] + }, + "problemtype" : { + "problemtype_data" : [ { + "description" : [ { + "lang" : "eng", + "value" : "CWE-434 Unrestricted Upload of File with Dangerous Type" + } ] + } ] + }, + "source" : { + "advisory" : "https://www.mend.io/vulnerability-database/", + "discovery" : "UNKNOWN" + } +} diff --git a/2022/32xxx/CVE-2022-32177.json b/2022/32xxx/CVE-2022-32177.json index 9650d422399..4879d770d59 100644 --- a/2022/32xxx/CVE-2022-32177.json +++ b/2022/32xxx/CVE-2022-32177.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2022-32177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "Oct 11, 2022, 12:00:00 AM", + "TITLE": "Gin-vue-admin - Unrestricted File Upload" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gin-vue-admin", + "product": { + "product_data": [ + { + "product_name": "gin-vue-admin", + "version": { + "version_data": [ + { + "version_value": "v2.5.1", + "version_affected": ">=" + }, + { + "version_value": "v2.5.3beta", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mend Vulnerability Research Team (MVR)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin\u2019s cookie leading to account takeover." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": 3.1, + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.mend.io/vulnerability-database/CVE-2022-32177", + "name": "https://www.mend.io/vulnerability-database/CVE-2022-32177" + }, + { + "refsource": "MISC", + "url": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37", + "name": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "source": { + "advisory": "https://www.mend.io/vulnerability-database/", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33890.json b/2022/33xxx/CVE-2022-33890.json index 5d499588b87..06b09b9f22a 100644 --- a/2022/33xxx/CVE-2022-33890.json +++ b/2022/33xxx/CVE-2022-33890.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "Autodesk\u00ae Design Review, Autodesk\u00ae Advance Steel, Autodesk\u00ae Civil 3D\u00ae", + "product_name": "Autodesk\u00ae Design Review,", "version": { "version_data": [ { - "version_value": "2018, 2023, 2022" + "version_value": "2018" } ] } @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." + "value": "A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/34xxx/CVE-2022-34020.json b/2022/34xxx/CVE-2022-34020.json index a863fad1211..a797964249b 100644 --- a/2022/34xxx/CVE-2022-34020.json +++ b/2022/34xxx/CVE-2022-34020.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34020", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34020", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html", + "refsource": "MISC", + "name": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html" + }, + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/09/cve-2022-34020.html", + "url": "https://securityblog101.blogspot.com/2022/09/cve-2022-34020.html" } ] } diff --git a/2022/34xxx/CVE-2022-34021.json b/2022/34xxx/CVE-2022-34021.json index e6d86f6bae6..b8919999ac4 100644 --- a/2022/34xxx/CVE-2022-34021.json +++ b/2022/34xxx/CVE-2022-34021.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34021", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34021", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34021.html", + "url": "https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34021.html" } ] } diff --git a/2022/34xxx/CVE-2022-34022.json b/2022/34xxx/CVE-2022-34022.json index 4fd3267f3ff..9559b3c8cc8 100644 --- a/2022/34xxx/CVE-2022-34022.json +++ b/2022/34xxx/CVE-2022-34022.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34022", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34022", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34022.html", + "url": "https://securityblog101.blogspot.com/2022/09/cve-id-cve-2022-34022.html" } ] } diff --git a/2022/34xxx/CVE-2022-34265.json b/2022/34xxx/CVE-2022-34265.json index 9e79eabd2e3..7c5f62555ba 100644 --- a/2022/34xxx/CVE-2022-34265.json +++ b/2022/34xxx/CVE-2022-34265.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220818-0006/", "url": "https://security.netapp.com/advisory/ntap-20220818-0006/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/34xxx/CVE-2022-34326.json b/2022/34xxx/CVE-2022-34326.json index f6be5a0dfa3..b4d14d9acb2 100644 --- a/2022/34xxx/CVE-2022-34326.json +++ b/2022/34xxx/CVE-2022-34326.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures for the Soft AP mode." + "value": "In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode." } ] }, diff --git a/2022/35xxx/CVE-2022-35040.json b/2022/35xxx/CVE-2022-35040.json index 1bf480d9860..5baf5298f39 100644 --- a/2022/35xxx/CVE-2022-35040.json +++ b/2022/35xxx/CVE-2022-35040.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35040", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35040", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1MPyMYxi3cqeAzJYl-TU6NuSxDC53aVyl/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1MPyMYxi3cqeAzJYl-TU6NuSxDC53aVyl/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35040.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35040.md" } ] } diff --git a/2022/35xxx/CVE-2022-35041.json b/2022/35xxx/CVE-2022-35041.json index 53e4a0d9e16..c0ca621644a 100644 --- a/2022/35xxx/CVE-2022-35041.json +++ b/2022/35xxx/CVE-2022-35041.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1pzPVwMvEu-qvuyw6Mbu42zuKoaq6cp-6/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1pzPVwMvEu-qvuyw6Mbu42zuKoaq6cp-6/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35041.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35041.md" } ] } diff --git a/2022/35xxx/CVE-2022-35042.json b/2022/35xxx/CVE-2022-35042.json index ac1f5790d37..9814b2fe882 100644 --- a/2022/35xxx/CVE-2022-35042.json +++ b/2022/35xxx/CVE-2022-35042.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1Gj8rA1kD89lxUZVb_t-s3-18-ospJRJC/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1Gj8rA1kD89lxUZVb_t-s3-18-ospJRJC/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35042.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35042.md" } ] } diff --git a/2022/35xxx/CVE-2022-35043.json b/2022/35xxx/CVE-2022-35043.json index 7279679fe0e..e5111fb7b78 100644 --- a/2022/35xxx/CVE-2022-35043.json +++ b/2022/35xxx/CVE-2022-35043.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35043", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35043", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/14CXldgbsymRm_4PkWmuVSIvliOiG2rOa/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/14CXldgbsymRm_4PkWmuVSIvliOiG2rOa/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35043.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35043.md" } ] } diff --git a/2022/35xxx/CVE-2022-35044.json b/2022/35xxx/CVE-2022-35044.json index b29625df2ae..40abca577ad 100644 --- a/2022/35xxx/CVE-2022-35044.json +++ b/2022/35xxx/CVE-2022-35044.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35044", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35044", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1A9LlI9ioeAnoZjA_9c7WQbckV8gCiVIn/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1A9LlI9ioeAnoZjA_9c7WQbckV8gCiVIn/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35044.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35044.md" } ] } diff --git a/2022/35xxx/CVE-2022-35045.json b/2022/35xxx/CVE-2022-35045.json index a530ecea093..31e35d07ab5 100644 --- a/2022/35xxx/CVE-2022-35045.json +++ b/2022/35xxx/CVE-2022-35045.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35045", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1eIYb4VDyDnXLCjXKSoFQjkmoXyaCmr-m/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1eIYb4VDyDnXLCjXKSoFQjkmoXyaCmr-m/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35045.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35045.md" } ] } diff --git a/2022/35xxx/CVE-2022-35046.json b/2022/35xxx/CVE-2022-35046.json index a9e97eed01e..9337cea128b 100644 --- a/2022/35xxx/CVE-2022-35046.json +++ b/2022/35xxx/CVE-2022-35046.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35046", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35046", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1M8imA5zUlsMA6lgUbvLQ6rbEn6CO6QKq/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1M8imA5zUlsMA6lgUbvLQ6rbEn6CO6QKq/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35046.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35046.md" } ] } diff --git a/2022/35xxx/CVE-2022-35047.json b/2022/35xxx/CVE-2022-35047.json index d77338e7540..4899714848e 100644 --- a/2022/35xxx/CVE-2022-35047.json +++ b/2022/35xxx/CVE-2022-35047.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35047", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35047", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/10asu-uKB2GIpnoGkAvvZPTqt4ylBU83s/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/10asu-uKB2GIpnoGkAvvZPTqt4ylBU83s/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35047.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35047.md" } ] } diff --git a/2022/35xxx/CVE-2022-35048.json b/2022/35xxx/CVE-2022-35048.json index 161e59a791b..c0a45d2cc31 100644 --- a/2022/35xxx/CVE-2022-35048.json +++ b/2022/35xxx/CVE-2022-35048.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/18cCD_Z6TDbx9IDQQKq3ZTALMGWSl_qWH/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/18cCD_Z6TDbx9IDQQKq3ZTALMGWSl_qWH/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35048.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35048.md" } ] } diff --git a/2022/35xxx/CVE-2022-35049.json b/2022/35xxx/CVE-2022-35049.json index 15b8a192759..fae1c6f5ab1 100644 --- a/2022/35xxx/CVE-2022-35049.json +++ b/2022/35xxx/CVE-2022-35049.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1h9mF80-Q13S3ZDZGLEM7hBIzCPwNDWhm/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1h9mF80-Q13S3ZDZGLEM7hBIzCPwNDWhm/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35049.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35049.md" } ] } diff --git a/2022/35xxx/CVE-2022-35050.json b/2022/35xxx/CVE-2022-35050.json index 5fea54bbd49..66c61bc49cf 100644 --- a/2022/35xxx/CVE-2022-35050.json +++ b/2022/35xxx/CVE-2022-35050.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35050", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35050", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1WdB1yvIoEvOB4iWh5TLiMJIzxUQNln56/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1WdB1yvIoEvOB4iWh5TLiMJIzxUQNln56/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35050.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35050.md" } ] } diff --git a/2022/35xxx/CVE-2022-35051.json b/2022/35xxx/CVE-2022-35051.json index 8cc011a5f9a..d6af9c4f146 100644 --- a/2022/35xxx/CVE-2022-35051.json +++ b/2022/35xxx/CVE-2022-35051.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1169h7-GXUmb2wlDYe_5C8ro25fS50u_-/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1169h7-GXUmb2wlDYe_5C8ro25fS50u_-/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35051.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35051.md" } ] } diff --git a/2022/35xxx/CVE-2022-35052.json b/2022/35xxx/CVE-2022-35052.json index a8669b8e1db..c244b8de21b 100644 --- a/2022/35xxx/CVE-2022-35052.json +++ b/2022/35xxx/CVE-2022-35052.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/134NkAgE_Dcmx558FgvTHifl_avVlF-AH/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/134NkAgE_Dcmx558FgvTHifl_avVlF-AH/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35052.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35052.md" } ] } diff --git a/2022/35xxx/CVE-2022-35053.json b/2022/35xxx/CVE-2022-35053.json index 5c86cb36b26..7498bac0c4d 100644 --- a/2022/35xxx/CVE-2022-35053.json +++ b/2022/35xxx/CVE-2022-35053.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35053", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35053", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1frfdVcR0UJVO-vKDLb19yWQgeTqdeohJ/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1frfdVcR0UJVO-vKDLb19yWQgeTqdeohJ/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35053.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35053.md" } ] } diff --git a/2022/35xxx/CVE-2022-35054.json b/2022/35xxx/CVE-2022-35054.json index f35db4d687b..d23bee68f59 100644 --- a/2022/35xxx/CVE-2022-35054.json +++ b/2022/35xxx/CVE-2022-35054.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35054", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35054", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1FoSPYJUO3hvUQywukndavdmu-45A-v2l/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1FoSPYJUO3hvUQywukndavdmu-45A-v2l/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35054.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35054.md" } ] } diff --git a/2022/35xxx/CVE-2022-35055.json b/2022/35xxx/CVE-2022-35055.json index b25eb7f09b9..6bd0d65075d 100644 --- a/2022/35xxx/CVE-2022-35055.json +++ b/2022/35xxx/CVE-2022-35055.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1PZ0D3DslISfUxI6CJ--giXQHYKE0JZ7K/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1PZ0D3DslISfUxI6CJ--giXQHYKE0JZ7K/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35055.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35055.md" } ] } diff --git a/2022/35xxx/CVE-2022-35056.json b/2022/35xxx/CVE-2022-35056.json index e9636f89d5d..85288679c11 100644 --- a/2022/35xxx/CVE-2022-35056.json +++ b/2022/35xxx/CVE-2022-35056.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35056", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1OgmLjZ9VnEbzFh8tqyhPlVGJtdrhgfWz/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1OgmLjZ9VnEbzFh8tqyhPlVGJtdrhgfWz/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35056.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35056.md" } ] } diff --git a/2022/35xxx/CVE-2022-35058.json b/2022/35xxx/CVE-2022-35058.json index b89de037498..d722c0f7884 100644 --- a/2022/35xxx/CVE-2022-35058.json +++ b/2022/35xxx/CVE-2022-35058.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35058", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1nqWScJjiK05VUxhBxrtJbrc3WK2iA_WI/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1nqWScJjiK05VUxhBxrtJbrc3WK2iA_WI/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35058.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35058.md" } ] } diff --git a/2022/35xxx/CVE-2022-35059.json b/2022/35xxx/CVE-2022-35059.json index d6bf0324f62..5fae8958172 100644 --- a/2022/35xxx/CVE-2022-35059.json +++ b/2022/35xxx/CVE-2022-35059.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1W9KM7OGlkMu1_7Y1mT_-eEbQJlRDfAJO/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1W9KM7OGlkMu1_7Y1mT_-eEbQJlRDfAJO/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35059.md", + "url": "https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35059.md" } ] } diff --git a/2022/35xxx/CVE-2022-35080.json b/2022/35xxx/CVE-2022-35080.json index 90084905d99..2ff6c81b4df 100644 --- a/2022/35xxx/CVE-2022-35080.json +++ b/2022/35xxx/CVE-2022-35080.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35080", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35080", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/matthiaskramm/swftools/issues/183", + "refsource": "MISC", + "name": "https://github.com/matthiaskramm/swftools/issues/183" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/swftools/png2swf/CVE-2022-35080.md", + "url": "https://github.com/Cvjark/Poc/blob/main/swftools/png2swf/CVE-2022-35080.md" } ] } diff --git a/2022/35xxx/CVE-2022-35081.json b/2022/35xxx/CVE-2022-35081.json index dbb0b1cfe5e..143286d103d 100644 --- a/2022/35xxx/CVE-2022-35081.json +++ b/2022/35xxx/CVE-2022-35081.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35081", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/matthiaskramm/swftools/issues/183", + "refsource": "MISC", + "name": "https://github.com/matthiaskramm/swftools/issues/183" + }, + { + "refsource": "MISC", + "name": "https://github.com/Cvjark/Poc/blob/main/swftools/png2swf/CVE-2022-35081.md", + "url": "https://github.com/Cvjark/Poc/blob/main/swftools/png2swf/CVE-2022-35081.md" } ] } diff --git a/2022/35xxx/CVE-2022-35134.json b/2022/35xxx/CVE-2022-35134.json index 57d1704a3ad..cbeafea2bf5 100644 --- a/2022/35xxx/CVE-2022-35134.json +++ b/2022/35xxx/CVE-2022-35134.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35134", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35134", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35134.html", + "url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35134.html" } ] } diff --git a/2022/35xxx/CVE-2022-35135.json b/2022/35xxx/CVE-2022-35135.json index 7f769d8fb00..99afc1eb335 100644 --- a/2022/35xxx/CVE-2022-35135.json +++ b/2022/35xxx/CVE-2022-35135.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35135", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35135", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html", + "url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html" } ] } diff --git a/2022/35xxx/CVE-2022-35136.json b/2022/35xxx/CVE-2022-35136.json index 9ac616e6ff3..81c13bca447 100644 --- a/2022/35xxx/CVE-2022-35136.json +++ b/2022/35xxx/CVE-2022-35136.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35136", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35136", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html", + "url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html" } ] } diff --git a/2022/35xxx/CVE-2022-35226.json b/2022/35xxx/CVE-2022-35226.json index f818a6194bf..f5fa2ca3bfc 100644 --- a/2022/35xxx/CVE-2022-35226.json +++ b/2022/35xxx/CVE-2022-35226.json @@ -19,11 +19,11 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "4.2" }, { - "version_name": "<", + "version_affected": "=", "version_value": "4.3" } ] diff --git a/2022/35xxx/CVE-2022-35296.json b/2022/35xxx/CVE-2022-35296.json index a298b0e529c..34bb61fc1f7 100644 --- a/2022/35xxx/CVE-2022-35296.json +++ b/2022/35xxx/CVE-2022-35296.json @@ -19,11 +19,11 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "420" }, { - "version_name": "<", + "version_affected": "=", "version_value": "430" } ] diff --git a/2022/35xxx/CVE-2022-35297.json b/2022/35xxx/CVE-2022-35297.json index 79d18eec92a..e697a17d26e 100644 --- a/2022/35xxx/CVE-2022-35297.json +++ b/2022/35xxx/CVE-2022-35297.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "10" } ] diff --git a/2022/35xxx/CVE-2022-35299.json b/2022/35xxx/CVE-2022-35299.json index 6cd38c01f18..dda21d5339c 100644 --- a/2022/35xxx/CVE-2022-35299.json +++ b/2022/35xxx/CVE-2022-35299.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "17.0" } ] @@ -30,7 +30,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "16.1" } ] diff --git a/2022/35xxx/CVE-2022-35611.json b/2022/35xxx/CVE-2022-35611.json index 69c7ddd1f1b..13fe4a49c7f 100644 --- a/2022/35xxx/CVE-2022-35611.json +++ b/2022/35xxx/CVE-2022-35611.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35611", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35611", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35611.html", + "url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35611.html" } ] } diff --git a/2022/35xxx/CVE-2022-35612.json b/2022/35xxx/CVE-2022-35612.json index e3715e43654..5871c1d7474 100644 --- a/2022/35xxx/CVE-2022-35612.json +++ b/2022/35xxx/CVE-2022-35612.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-35612", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-35612", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35612.html", + "url": "https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35612.html" } ] } diff --git a/2022/35xxx/CVE-2022-35689.json b/2022/35xxx/CVE-2022-35689.json index 946cadeb407..6aae5d42ba9 100644 --- a/2022/35xxx/CVE-2022-35689.json +++ b/2022/35xxx/CVE-2022-35689.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-08-09T23:00:00.000Z", "ID": "CVE-2022-35689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Commerce Improper Access Control Security feature bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.5" + }, + { + "version_affected": "<=", + "version_value": "2.4.4-p1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "Low", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb22-48.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35690.json b/2022/35xxx/CVE-2022-35690.json index 96ce4384deb..e7477e70f82 100644 --- a/2022/35xxx/CVE-2022-35690.json +++ b/2022/35xxx/CVE-2022-35690.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35691.json b/2022/35xxx/CVE-2022-35691.json index e972df49227..f74e0978ecd 100644 --- a/2022/35xxx/CVE-2022-35691.json +++ b/2022/35xxx/CVE-2022-35691.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader NULL Pointer Dereference Application denial-of-service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35698.json b/2022/35xxx/CVE-2022-35698.json index ab1afd21f31..992d271e564 100644 --- a/2022/35xxx/CVE-2022-35698.json +++ b/2022/35xxx/CVE-2022-35698.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Commerce Stored XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.5" + }, + { + "version_affected": "<=", + "version_value": "2.4.4-p1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 10, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Stored XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb22-48.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35710.json b/2022/35xxx/CVE-2022-35710.json index 5d42de8e029..7ad0ecca58d 100644 --- a/2022/35xxx/CVE-2022-35710.json +++ b/2022/35xxx/CVE-2022-35710.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35711.json b/2022/35xxx/CVE-2022-35711.json index 4af71f1c5d3..be34bce8ed2 100644 --- a/2022/35xxx/CVE-2022-35711.json +++ b/2022/35xxx/CVE-2022-35711.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35712.json b/2022/35xxx/CVE-2022-35712.json index 9297c2ef740..4458477e415 100644 --- a/2022/35xxx/CVE-2022-35712.json +++ b/2022/35xxx/CVE-2022-35712.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-35712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35944.json b/2022/35xxx/CVE-2022-35944.json index 34293008692..9b0c8c84f58 100644 --- a/2022/35xxx/CVE-2022-35944.json +++ b/2022/35xxx/CVE-2022-35944.json @@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "october", + "version": { + "version_data": [ + { + "version_value": ">= 3.0.0, < 3.0.66" + }, + { + "version_value": "< 2.2.34" + } + ] + } + } + ] + }, + "vendor_name": "octobercms" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v", + "refsource": "CONFIRM", + "url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v" + } + ] + }, + "source": { + "advisory": "GHSA-x4q7-m6fp-4v9v", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36113.json b/2022/36xxx/CVE-2022-36113.json index fc3cdde6b12..86ac2e204df 100644 --- a/2022/36xxx/CVE-2022-36113.json +++ b/2022/36xxx/CVE-2022-36113.json @@ -78,6 +78,11 @@ "name": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a", "refsource": "MISC", "url": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] }, @@ -85,4 +90,4 @@ "advisory": "GHSA-rfj2-q3h3-hm5j", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36114.json b/2022/36xxx/CVE-2022-36114.json index 5716d58b859..0a74ff11a0c 100644 --- a/2022/36xxx/CVE-2022-36114.json +++ b/2022/36xxx/CVE-2022-36114.json @@ -78,6 +78,11 @@ "name": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7", "refsource": "MISC", "url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-09", + "url": "https://security.gentoo.org/glsa/202210-09" } ] }, @@ -85,4 +90,4 @@ "advisory": "GHSA-2hvr-h6gw-qrxp", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36359.json b/2022/36xxx/CVE-2022-36359.json index baa23733a19..abde0a81df7 100644 --- a/2022/36xxx/CVE-2022-36359.json +++ b/2022/36xxx/CVE-2022-36359.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220915-0008/", "url": "https://security.netapp.com/advisory/ntap-20220915-0008/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5254", + "url": "https://www.debian.org/security/2022/dsa-5254" } ] } diff --git a/2022/36xxx/CVE-2022-36773.json b/2022/36xxx/CVE-2022-36773.json index ec79568c820..acf7ad404bf 100644 --- a/2022/36xxx/CVE-2022-36773.json +++ b/2022/36xxx/CVE-2022-36773.json @@ -90,6 +90,11 @@ "title": "X-Force Vulnerability Report", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221014-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221014-0005/" } ] } diff --git a/2022/36xxx/CVE-2022-36802.json b/2022/36xxx/CVE-2022-36802.json index bcfae282bdf..4d95541c2a1 100644 --- a/2022/36xxx/CVE-2022-36802.json +++ b/2022/36xxx/CVE-2022-36802.json @@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2022-08-12T00:00:00", "ID": "CVE-2022-36802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Align", + "version": { + "version_data": [ + { + "version_value": "10.109.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JIRAALIGN-4326", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JIRAALIGN-4326" } ] } diff --git a/2022/36xxx/CVE-2022-36803.json b/2022/36xxx/CVE-2022-36803.json index 16342da67e0..dba8aa2735a 100644 --- a/2022/36xxx/CVE-2022-36803.json +++ b/2022/36xxx/CVE-2022-36803.json @@ -1,17 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2022-08-15T00:00:00", "ID": "CVE-2022-36803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Align", + "version": { + "version_data": [ + { + "version_value": "10.109.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JIRAALIGN-4281", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JIRAALIGN-4281" } ] } diff --git a/2022/37xxx/CVE-2022-37047.json b/2022/37xxx/CVE-2022-37047.json index f3bbb1e9d5c..0e09fe9825c 100644 --- a/2022/37xxx/CVE-2022-37047.json +++ b/2022/37xxx/CVE-2022-37047.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/37xxx/CVE-2022-37048.json b/2022/37xxx/CVE-2022-37048.json index 8fed408f6c8..cfa82991f02 100644 --- a/2022/37xxx/CVE-2022-37048.json +++ b/2022/37xxx/CVE-2022-37048.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/37xxx/CVE-2022-37049.json b/2022/37xxx/CVE-2022-37049.json index 2010bc2cd44..b4d85dcf633 100644 --- a/2022/37xxx/CVE-2022-37049.json +++ b/2022/37xxx/CVE-2022-37049.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-d31a521866", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202210-08", + "url": "https://security.gentoo.org/glsa/202210-08" } ] } diff --git a/2022/37xxx/CVE-2022-37208.json b/2022/37xxx/CVE-2022-37208.json index 373892771c1..6234240e129 100644 --- a/2022/37xxx/CVE-2022-37208.json +++ b/2022/37xxx/CVE-2022-37208.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37208", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37208", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md", + "refsource": "MISC", + "name": "https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql5.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/AgainstTheLight/CVE-2022-37208", + "url": "https://github.com/AgainstTheLight/CVE-2022-37208" } ] } diff --git a/2022/37xxx/CVE-2022-37602.json b/2022/37xxx/CVE-2022-37602.json index d64a7933f60..4d29ec23638 100644 --- a/2022/37xxx/CVE-2022-37602.json +++ b/2022/37xxx/CVE-2022-37602.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37602", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37602", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26", + "refsource": "MISC", + "name": "https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26" + }, + { + "url": "https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109", + "refsource": "MISC", + "name": "https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109" + }, + { + "refsource": "MISC", + "name": "https://github.com/karma-runner/grunt-karma/issues/311", + "url": "https://github.com/karma-runner/grunt-karma/issues/311" } ] } diff --git a/2022/37xxx/CVE-2022-37603.json b/2022/37xxx/CVE-2022-37603.json index 37adeb7f924..a627e54d7e5 100644 --- a/2022/37xxx/CVE-2022-37603.json +++ b/2022/37xxx/CVE-2022-37603.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37603", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37603", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38", + "refsource": "MISC", + "name": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L38" + }, + { + "url": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107", + "refsource": "MISC", + "name": "https://github.com/webpack/loader-utils/blob/d9f4e23cf411d8556f8bac2d3bf05a6e0103b568/lib/interpolateName.js#L107" + }, + { + "refsource": "MISC", + "name": "https://github.com/webpack/loader-utils/issues/213", + "url": "https://github.com/webpack/loader-utils/issues/213" } ] } diff --git a/2022/37xxx/CVE-2022-37956.json b/2022/37xxx/CVE-2022-37956.json index a52a16426ab..7367b1084ee 100644 --- a/2022/37xxx/CVE-2022-37956.json +++ b/2022/37xxx/CVE-2022-37956.json @@ -292,6 +292,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/168723/Windows-Kernel-Registry-Subkey-Lists-Integer-Overflow.html", + "url": "http://packetstormsecurity.com/files/168723/Windows-Kernel-Registry-Subkey-Lists-Integer-Overflow.html" } ] }, diff --git a/2022/38xxx/CVE-2022-38339.json b/2022/38xxx/CVE-2022-38339.json index 38befe540dc..cfccf121c64 100644 --- a/2022/38xxx/CVE-2022-38339.json +++ b/2022/38xxx/CVE-2022-38339.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities", "url": "https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/", + "url": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/" } ] }, diff --git a/2022/38xxx/CVE-2022-38340.json b/2022/38xxx/CVE-2022-38340.json index 0dd8cacea24..c6642f85d42 100644 --- a/2022/38xxx/CVE-2022-38340.json +++ b/2022/38xxx/CVE-2022-38340.json @@ -56,6 +56,16 @@ "refsource": "MISC", "name": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload", "url": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload" + }, + { + "refsource": "MISC", + "name": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/", + "url": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/" + }, + { + "refsource": "MISC", + "name": "https://community.safe.com/s/article/Known-Issue-Arbitrary-file-upload-with-any-authenticated-FME-Server-account", + "url": "https://community.safe.com/s/article/Known-Issue-Arbitrary-file-upload-with-any-authenticated-FME-Server-account" } ] }, diff --git a/2022/38xxx/CVE-2022-38341.json b/2022/38xxx/CVE-2022-38341.json index 26bafac272e..1164e227552 100644 --- a/2022/38xxx/CVE-2022-38341.json +++ b/2022/38xxx/CVE-2022-38341.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "refsource": "MISC", - "name": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/,", - "url": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/," - }, { "refsource": "MISC", "name": "https://community.safe.com/s/article/Known-Issue-Lack-of-server-side-validation-when-creating-a-new-user-in-FME-Server", diff --git a/2022/38xxx/CVE-2022-38342.json b/2022/38xxx/CVE-2022-38342.json index 733d739a9d5..cc72d668293 100644 --- a/2022/38xxx/CVE-2022-38342.json +++ b/2022/38xxx/CVE-2022-38342.json @@ -59,8 +59,8 @@ }, { "refsource": "MISC", - "name": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload", - "url": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload" + "name": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/", + "url": "https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/" } ] }, diff --git a/2022/38xxx/CVE-2022-38418.json b/2022/38xxx/CVE-2022-38418.json index 20713f9bd61..a79dd8196ea 100644 --- a/2022/38xxx/CVE-2022-38418.json +++ b/2022/38xxx/CVE-2022-38418.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38418", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.8, + "baseSeverity": "Critical", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38419.json b/2022/38xxx/CVE-2022-38419.json index 6e2946f66d4..496c628d70a 100644 --- a/2022/38xxx/CVE-2022-38419.json +++ b/2022/38xxx/CVE-2022-38419.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38420.json b/2022/38xxx/CVE-2022-38420.json index 15434e0acae..72076caa87e 100644 --- a/2022/38xxx/CVE-2022-38420.json +++ b/2022/38xxx/CVE-2022-38420.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials (CWE-798)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38421.json b/2022/38xxx/CVE-2022-38421.json index b6c8b03259a..5ad97ce611c 100644 --- a/2022/38xxx/CVE-2022-38421.json +++ b/2022/38xxx/CVE-2022-38421.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38421", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 7.2, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "High", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38422.json b/2022/38xxx/CVE-2022-38422.json index 92ba0ebe6a4..e04c9344943 100644 --- a/2022/38xxx/CVE-2022-38422.json +++ b/2022/38xxx/CVE-2022-38422.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38423.json b/2022/38xxx/CVE-2022-38423.json index 367e605c917..22c2ff53fe2 100644 --- a/2022/38xxx/CVE-2022-38423.json +++ b/2022/38xxx/CVE-2022-38423.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 4.9, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "High", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38424.json b/2022/38xxx/CVE-2022-38424.json index 43e1c91e456..7f21369b1b8 100644 --- a/2022/38xxx/CVE-2022-38424.json +++ b/2022/38xxx/CVE-2022-38424.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38424", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 7.2, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "High", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38437.json b/2022/38xxx/CVE-2022-38437.json index 123e14bc103..5cc682c86a9 100644 --- a/2022/38xxx/CVE-2022-38437.json +++ b/2022/38xxx/CVE-2022-38437.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader Use After Free Memory leak" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38440.json b/2022/38xxx/CVE-2022-38440.json index eaa109654c8..7cb53557892 100644 --- a/2022/38xxx/CVE-2022-38440.json +++ b/2022/38xxx/CVE-2022-38440.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38441.json b/2022/38xxx/CVE-2022-38441.json index 566d4abd900..99b5386d959 100644 --- a/2022/38xxx/CVE-2022-38441.json +++ b/2022/38xxx/CVE-2022-38441.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38442.json b/2022/38xxx/CVE-2022-38442.json index 377f1cb5c7c..7b1d84fcf62 100644 --- a/2022/38xxx/CVE-2022-38442.json +++ b/2022/38xxx/CVE-2022-38442.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38443.json b/2022/38xxx/CVE-2022-38443.json index 12867520e88..0dcd4a1d3ef 100644 --- a/2022/38xxx/CVE-2022-38443.json +++ b/2022/38xxx/CVE-2022-38443.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38444.json b/2022/38xxx/CVE-2022-38444.json index ffcae4cc5d4..8130b725b82 100644 --- a/2022/38xxx/CVE-2022-38444.json +++ b/2022/38xxx/CVE-2022-38444.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38445.json b/2022/38xxx/CVE-2022-38445.json index abe37911963..afcf371a849 100644 --- a/2022/38xxx/CVE-2022-38445.json +++ b/2022/38xxx/CVE-2022-38445.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38446.json b/2022/38xxx/CVE-2022-38446.json index 3bdceff9b07..80e508fb37e 100644 --- a/2022/38xxx/CVE-2022-38446.json +++ b/2022/38xxx/CVE-2022-38446.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38446", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38447.json b/2022/38xxx/CVE-2022-38447.json index 31734e380b6..5f2b98f1600 100644 --- a/2022/38xxx/CVE-2022-38447.json +++ b/2022/38xxx/CVE-2022-38447.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38447", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38448.json b/2022/38xxx/CVE-2022-38448.json index a30ab27d94c..94e83e4c661 100644 --- a/2022/38xxx/CVE-2022-38448.json +++ b/2022/38xxx/CVE-2022-38448.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-10-11T23:00:00.000Z", "ID": "CVE-2022-38448", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.4.5" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html", + "name": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38449.json b/2022/38xxx/CVE-2022-38449.json index 7e00cfc8b8f..5db86c9ade7 100644 --- a/2022/38xxx/CVE-2022-38449.json +++ b/2022/38xxx/CVE-2022-38449.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-38449", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38450.json b/2022/38xxx/CVE-2022-38450.json index c0ce0422221..ba629d33935 100644 --- a/2022/38xxx/CVE-2022-38450.json +++ b/2022/38xxx/CVE-2022-38450.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-38450", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38537.json b/2022/38xxx/CVE-2022-38537.json index 4e4f70029f5..0c646404579 100644 --- a/2022/38xxx/CVE-2022-38537.json +++ b/2022/38xxx/CVE-2022-38537.json @@ -56,6 +56,16 @@ "url": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L135", "refsource": "MISC", "name": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L135" + }, + { + "refsource": "MISC", + "name": "https://github.com/hhyo/Archery/issues/1842", + "url": "https://github.com/hhyo/Archery/issues/1842" + }, + { + "refsource": "MISC", + "name": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/", + "url": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/" } ] } diff --git a/2022/38xxx/CVE-2022-38541.json b/2022/38xxx/CVE-2022-38541.json index 358d0e61bc9..a6016eafb96 100644 --- a/2022/38xxx/CVE-2022-38541.json +++ b/2022/38xxx/CVE-2022-38541.json @@ -56,6 +56,16 @@ "url": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L136", "refsource": "MISC", "name": "https://github.com/hhyo/Archery/blob/v1.8.5/sql/urls.py#L136" + }, + { + "refsource": "MISC", + "name": "https://github.com/hhyo/Archery/issues/1842", + "url": "https://github.com/hhyo/Archery/issues/1842" + }, + { + "refsource": "MISC", + "name": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/", + "url": "https://announcements.bybit.com/en-US/article/bybit-improves-the-security-of-the-open-source-community-blt626818c0ee8c48a6/" } ] } diff --git a/2022/38xxx/CVE-2022-38669.json b/2022/38xxx/CVE-2022-38669.json index a8ce4ae4760..3719794a476 100644 --- a/2022/38xxx/CVE-2022-38669.json +++ b/2022/38xxx/CVE-2022-38669.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38670.json b/2022/38xxx/CVE-2022-38670.json index 21b407fc6a9..e8186ebd12b 100644 --- a/2022/38xxx/CVE-2022-38670.json +++ b/2022/38xxx/CVE-2022-38670.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38670", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38671.json b/2022/38xxx/CVE-2022-38671.json index 198d5e5d434..a32d49cbe42 100644 --- a/2022/38xxx/CVE-2022-38671.json +++ b/2022/38xxx/CVE-2022-38671.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38671", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126 Buffer Over-read"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38672.json b/2022/38xxx/CVE-2022-38672.json index 00f71fd7425..1de9d45c883 100644 --- a/2022/38xxx/CVE-2022-38672.json +++ b/2022/38xxx/CVE-2022-38672.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38672", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38673.json b/2022/38xxx/CVE-2022-38673.json index 0410d05e986..0ab79dee673 100644 --- a/2022/38xxx/CVE-2022-38673.json +++ b/2022/38xxx/CVE-2022-38673.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38673", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126 Buffer Over-read"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38676.json b/2022/38xxx/CVE-2022-38676.json index 4c54dbf143f..caf4062ef69 100644 --- a/2022/38xxx/CVE-2022-38676.json +++ b/2022/38xxx/CVE-2022-38676.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", + "version": { + "version_data": [ + { + "version_value": "Android10/Android11/Android12" + } + ] + } + } + ] + }, + "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", + "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738" } ] } diff --git a/2022/38xxx/CVE-2022-38677.json b/2022/38xxx/CVE-2022-38677.json index 6d4603a545d..4cc406204a0 100644 --- a/2022/38xxx/CVE-2022-38677.json +++ b/2022/38xxx/CVE-2022-38677.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38679.json b/2022/38xxx/CVE-2022-38679.json index 20e3622bb40..e7b7e457dbe 100644 --- a/2022/38xxx/CVE-2022-38679.json +++ b/2022/38xxx/CVE-2022-38679.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38687.json b/2022/38xxx/CVE-2022-38687.json index 2dd5da79aa0..481ea7c330e 100644 --- a/2022/38xxx/CVE-2022-38687.json +++ b/2022/38xxx/CVE-2022-38687.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38688.json b/2022/38xxx/CVE-2022-38688.json index 3ff533166a8..fdc55ab07c7 100644 --- a/2022/38xxx/CVE-2022-38688.json +++ b/2022/38xxx/CVE-2022-38688.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38689.json b/2022/38xxx/CVE-2022-38689.json index 80e5c93a0ff..70f816352f0 100644 --- a/2022/38xxx/CVE-2022-38689.json +++ b/2022/38xxx/CVE-2022-38689.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38689", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38690.json b/2022/38xxx/CVE-2022-38690.json index b56c6784a96..a194a2c127b 100644 --- a/2022/38xxx/CVE-2022-38690.json +++ b/2022/38xxx/CVE-2022-38690.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38697.json b/2022/38xxx/CVE-2022-38697.json index d1d636880f9..3ed91369587 100644 --- a/2022/38xxx/CVE-2022-38697.json +++ b/2022/38xxx/CVE-2022-38697.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38697", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38698.json b/2022/38xxx/CVE-2022-38698.json index 571db2f3d3f..3e556226014 100644 --- a/2022/38xxx/CVE-2022-38698.json +++ b/2022/38xxx/CVE-2022-38698.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-38698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-38698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38902.json b/2022/38xxx/CVE-2022-38902.json index f78529fd347..50f903c646a 100644 --- a/2022/38xxx/CVE-2022-38902.json +++ b/2022/38xxx/CVE-2022-38902.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38902", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38902", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://liferay.com", + "refsource": "MISC", + "name": "http://liferay.com" + }, + { + "url": "https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu", + "refsource": "MISC", + "name": "https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu" + }, + { + "refsource": "MISC", + "name": "https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902/", + "url": "https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902/" } ] } diff --git a/2022/38xxx/CVE-2022-38977.json b/2022/38xxx/CVE-2022-38977.json index 4dd2c4a4f1c..f68695f384d 100644 --- a/2022/38xxx/CVE-2022-38977.json +++ b/2022/38xxx/CVE-2022-38977.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38980.json b/2022/38xxx/CVE-2022-38980.json index 88907aa0866..47894d81694 100644 --- a/2022/38xxx/CVE-2022-38980.json +++ b/2022/38xxx/CVE-2022-38980.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38981.json b/2022/38xxx/CVE-2022-38981.json index a8308706a05..9a391a78fbb 100644 --- a/2022/38xxx/CVE-2022-38981.json +++ b/2022/38xxx/CVE-2022-38981.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38982.json b/2022/38xxx/CVE-2022-38982.json index 32385460d79..a1c5aa3ef2c 100644 --- a/2022/38xxx/CVE-2022-38982.json +++ b/2022/38xxx/CVE-2022-38982.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Service logic error vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38983.json b/2022/38xxx/CVE-2022-38983.json index 40118e73444..78a06418aa0 100644 --- a/2022/38xxx/CVE-2022-38983.json +++ b/2022/38xxx/CVE-2022-38983.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UAF vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38984.json b/2022/38xxx/CVE-2022-38984.json index 96dfff13ebc..f065af3406e 100644 --- a/2022/38xxx/CVE-2022-38984.json +++ b/2022/38xxx/CVE-2022-38984.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38985.json b/2022/38xxx/CVE-2022-38985.json index f8c1d1d4b4d..83adb15e841 100644 --- a/2022/38xxx/CVE-2022-38985.json +++ b/2022/38xxx/CVE-2022-38985.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38986.json b/2022/38xxx/CVE-2022-38986.json index f9ce23c5522..43637d4bf51 100644 --- a/2022/38xxx/CVE-2022-38986.json +++ b/2022/38xxx/CVE-2022-38986.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/38xxx/CVE-2022-38998.json b/2022/38xxx/CVE-2022-38998.json index 724f4af1421..d65740bb46b 100644 --- a/2022/38xxx/CVE-2022-38998.json +++ b/2022/38xxx/CVE-2022-38998.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-38998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/39xxx/CVE-2022-39002.json b/2022/39xxx/CVE-2022-39002.json index 6cb699f9e3d..cd84703ac11 100644 --- a/2022/39xxx/CVE-2022-39002.json +++ b/2022/39xxx/CVE-2022-39002.json @@ -1,55 +1,41 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-39002", + "ASSIGNER": "psirt@huawei.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "EMUI", + "product_name": "HarmonyOS;EMUI;Magic UI", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "11.0.0" - } - ] - } - }, - { - "product_name": "Magic UI", - "version": { - "version_data": [ + "version_value": "HarmonyOS 2.0" + }, { - "version_affected": "=", - "version_value": "4.0.0" + "version_value": "EMUI 11.0.0" + }, + { + "version_value": "Magic UI 4.0.0" } ] } } ] - }, - "vendor_name": "Huawei" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -65,9 +51,22 @@ "references": { "reference_data": [ { - "url": "https://consumer.huawei.com/en/support/bulletin/2022/9/", "refsource": "MISC", - "name": "https://consumer.huawei.com/en/support/bulletin/2022/9/" + "name": "https://consumer.huawei.com/en/support/bulletin/2022/9/", + "url": "https://consumer.huawei.com/en/support/bulletin/2022/9/" + }, + { + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice." } ] } diff --git a/2022/39xxx/CVE-2022-39011.json b/2022/39xxx/CVE-2022-39011.json index 859d2b937fe..80b3443f4cf 100644 --- a/2022/39xxx/CVE-2022-39011.json +++ b/2022/39xxx/CVE-2022-39011.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-39011", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/39xxx/CVE-2022-39013.json b/2022/39xxx/CVE-2022-39013.json index ce5fe09a1e3..92b0ed06f29 100644 --- a/2022/39xxx/CVE-2022-39013.json +++ b/2022/39xxx/CVE-2022-39013.json @@ -19,11 +19,11 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "420" }, { - "version_name": "<", + "version_affected": "=", "version_value": "430" } ] diff --git a/2022/39xxx/CVE-2022-39015.json b/2022/39xxx/CVE-2022-39015.json index bebea7e795e..576dbdec1b0 100644 --- a/2022/39xxx/CVE-2022-39015.json +++ b/2022/39xxx/CVE-2022-39015.json @@ -19,11 +19,11 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "4.2" }, { - "version_name": "<", + "version_affected": "=", "version_value": "4.3" } ] diff --git a/2022/39xxx/CVE-2022-39052.json b/2022/39xxx/CVE-2022-39052.json index b9b367c5884..210ca26f507 100644 --- a/2022/39xxx/CVE-2022-39052.json +++ b/2022/39xxx/CVE-2022-39052.json @@ -1,18 +1,115 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@otrs.com", + "DATE_PUBLIC": "2022-10-17T07:00:00.000Z", "ID": "CVE-2022-39052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DoS attack using email" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.x", + "version_value": "7.0.39" + }, + { + "version_affected": "<=", + "version_name": "8.0.x", + "version_value": "8.0.26" + } + ] + } + }, + { + "product_name": "((OTRS)) Community Edition", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "6.0.x", + "version_value": "6.0.1" + } + ] + } + } + ] + }, + "vendor_name": "OTRS AG" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system" } ] + }, + "generator": { + "engine": "vulnogram 0.1.0-rc1" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/", + "refsource": "CONFIRM", + "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-13/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to OTRS 8.0.26 or OTRS 7.0.38." + } + ], + "source": { + "advisory": "OSA-2022-13", + "defect": [ + "2022070642001105" + ], + "discovery": "USER" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39064.json b/2022/39xxx/CVE-2022-39064.json index 5e55b0edeea..8ede2475d77 100644 --- a/2022/39xxx/CVE-2022-39064.json +++ b/2022/39xxx/CVE-2022-39064.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosure@synopsys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ikea", + "product": { + "product_data": [ + { + "product_name": "TR\u00c5DFRI smart lighting system", + "version": { + "version_data": [ + { + "version_value": "< 2.0.029 >" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-241: Improper Handling of Unexpected Data Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", + "refsource": "MISC", + "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ] } diff --git a/2022/39xxx/CVE-2022-39065.json b/2022/39xxx/CVE-2022-39065.json index bfc510d1c73..947e4902ea8 100644 --- a/2022/39xxx/CVE-2022-39065.json +++ b/2022/39xxx/CVE-2022-39065.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosure@synopsys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ikea", + "product": { + "product_data": [ + { + "product_name": "TR\u00c5DFRI gateway system", + "version": { + "version_data": [ + { + "version_value": "< 1.19.26" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-241: Improper Handling of Unexpected Data Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting-gateway/", + "refsource": "MISC", + "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting-gateway/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] } diff --git a/2022/39xxx/CVE-2022-39080.json b/2022/39xxx/CVE-2022-39080.json index 33d12ef9b3e..3281537343a 100644 --- a/2022/39xxx/CVE-2022-39080.json +++ b/2022/39xxx/CVE-2022-39080.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39080", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39103.json b/2022/39xxx/CVE-2022-39103.json index 26aa9aea907..c9ea54f8002 100644 --- a/2022/39xxx/CVE-2022-39103.json +++ b/2022/39xxx/CVE-2022-39103.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39105.json b/2022/39xxx/CVE-2022-39105.json index 4a588c76fa8..8b4f82ae76d 100644 --- a/2022/39xxx/CVE-2022-39105.json +++ b/2022/39xxx/CVE-2022-39105.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-190 Integer Overflow"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39107.json b/2022/39xxx/CVE-2022-39107.json index 0c06c6a4a71..616acac23d6 100644 --- a/2022/39xxx/CVE-2022-39107.json +++ b/2022/39xxx/CVE-2022-39107.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39108.json b/2022/39xxx/CVE-2022-39108.json index faa855b1c55..de2b9ac2f10 100644 --- a/2022/39xxx/CVE-2022-39108.json +++ b/2022/39xxx/CVE-2022-39108.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39109.json b/2022/39xxx/CVE-2022-39109.json index 175fc0cecb6..7f6630902dc 100644 --- a/2022/39xxx/CVE-2022-39109.json +++ b/2022/39xxx/CVE-2022-39109.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39109", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39110.json b/2022/39xxx/CVE-2022-39110.json index b30bdf6f2f7..74ffa2532ff 100644 --- a/2022/39xxx/CVE-2022-39110.json +++ b/2022/39xxx/CVE-2022-39110.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39111.json b/2022/39xxx/CVE-2022-39111.json index 2304f63a74f..b7e074ef968 100644 --- a/2022/39xxx/CVE-2022-39111.json +++ b/2022/39xxx/CVE-2022-39111.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39111", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39112.json b/2022/39xxx/CVE-2022-39112.json index 576d4e506d2..18a1564b9f8 100644 --- a/2022/39xxx/CVE-2022-39112.json +++ b/2022/39xxx/CVE-2022-39112.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39112", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39113.json b/2022/39xxx/CVE-2022-39113.json index 20d1a64f96c..0e5a4077034 100644 --- a/2022/39xxx/CVE-2022-39113.json +++ b/2022/39xxx/CVE-2022-39113.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39113", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39114.json b/2022/39xxx/CVE-2022-39114.json index 51f23d759e6..4748023c31e 100644 --- a/2022/39xxx/CVE-2022-39114.json +++ b/2022/39xxx/CVE-2022-39114.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39114", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39115.json b/2022/39xxx/CVE-2022-39115.json index fe666edbcd6..86957fe45b9 100644 --- a/2022/39xxx/CVE-2022-39115.json +++ b/2022/39xxx/CVE-2022-39115.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39117.json b/2022/39xxx/CVE-2022-39117.json index 40f4dd3b525..f9dbd2e85d5 100644 --- a/2022/39xxx/CVE-2022-39117.json +++ b/2022/39xxx/CVE-2022-39117.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39120.json b/2022/39xxx/CVE-2022-39120.json index 5ff4ea1b6b6..8c06c0facbb 100644 --- a/2022/39xxx/CVE-2022-39120.json +++ b/2022/39xxx/CVE-2022-39120.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39121.json b/2022/39xxx/CVE-2022-39121.json index 8b23416a484..0360813f9d4 100644 --- a/2022/39xxx/CVE-2022-39121.json +++ b/2022/39xxx/CVE-2022-39121.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39122.json b/2022/39xxx/CVE-2022-39122.json index be5ec1532f3..2df39663c4e 100644 --- a/2022/39xxx/CVE-2022-39122.json +++ b/2022/39xxx/CVE-2022-39122.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39122", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39123.json b/2022/39xxx/CVE-2022-39123.json index 09b581a1468..388caad8605 100644 --- a/2022/39xxx/CVE-2022-39123.json +++ b/2022/39xxx/CVE-2022-39123.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39124.json b/2022/39xxx/CVE-2022-39124.json index 3e0235a67de..018bd324553 100644 --- a/2022/39xxx/CVE-2022-39124.json +++ b/2022/39xxx/CVE-2022-39124.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39125.json b/2022/39xxx/CVE-2022-39125.json index 9b697db6636..28bcf2d4939 100644 --- a/2022/39xxx/CVE-2022-39125.json +++ b/2022/39xxx/CVE-2022-39125.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39126.json b/2022/39xxx/CVE-2022-39126.json index 8f86d4c649b..f45b6c2e73a 100644 --- a/2022/39xxx/CVE-2022-39126.json +++ b/2022/39xxx/CVE-2022-39126.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39127.json b/2022/39xxx/CVE-2022-39127.json index 9317d0f5d3d..a93f5f9549d 100644 --- a/2022/39xxx/CVE-2022-39127.json +++ b/2022/39xxx/CVE-2022-39127.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39128.json b/2022/39xxx/CVE-2022-39128.json index 75cf789ed75..332253a7a6f 100644 --- a/2022/39xxx/CVE-2022-39128.json +++ b/2022/39xxx/CVE-2022-39128.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-39128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"CVE_data_meta": {"ASSIGNER": "security@unisoc.com", "ID": "CVE-2022-39128", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "version": {"version_data": [{"version_value": "Android10/Android11/Android12"}]}}]}, "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"refsource": "MISC", "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738"}]}} \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39201.json b/2022/39xxx/CVE-2022-39201.json index ba8b7cc90aa..3802304ed9b 100644 --- a/2022/39xxx/CVE-2022-39201.json +++ b/2022/39xxx/CVE-2022-39201.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "grafana", + "version": { + "version_data": [ + { + "version_value": ">= v5.0.0-beta1, < 8.5.14" + }, + { + "version_value": ">= 9.0.0, < 9.1.8" + } + ] + } + } + ] + }, + "vendor_name": "grafana" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/grafana/grafana/releases/tag/v9.1.8", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/releases/tag/v9.1.8" + }, + { + "name": "https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr", + "refsource": "CONFIRM", + "url": "https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr" + }, + { + "name": "https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57" + }, + { + "name": "https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9" + } + ] + }, + "source": { + "advisory": "GHSA-x744-mm8v-vpgr", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39229.json b/2022/39xxx/CVE-2022-39229.json index 8b0e1ac5eec..aea071ac076 100644 --- a/2022/39xxx/CVE-2022-39229.json +++ b/2022/39xxx/CVE-2022-39229.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39229", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Grafana users with email as a username can block other users from signing in" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "grafana", + "version": { + "version_data": [ + { + "version_value": ">= 9.0.0, < 9.1.8" + }, + { + "version_value": ">= 8.5.0, < 8.5.14" + } + ] + } + } + ] + }, + "vendor_name": "grafana" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user\u2019s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`\u2019s email address. This prevents `user_1` logging into the application since `user_1`'s password won\u2019t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/grafana/grafana/releases/tag/v9.1.8", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/releases/tag/v9.1.8" + }, + { + "name": "https://github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r", + "refsource": "CONFIRM", + "url": "https://github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r" + }, + { + "name": "https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35", + "refsource": "MISC", + "url": "https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35" + } + ] + }, + "source": { + "advisory": "GHSA-gj7m-853r-289r", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39278.json b/2022/39xxx/CVE-2022-39278.json index 53b020f0fca..2b2ae8648ee 100644 --- a/2022/39xxx/CVE-2022-39278.json +++ b/2022/39xxx/CVE-2022-39278.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Istio vulnerable to denial of service attack due to Golang Regex Library" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "istio", + "version": { + "version_data": [ + { + "version_value": "< 1.13.9" + }, + { + "version_value": ">= 1.14.0, < 1.14.5" + }, + { + "version_value": ">= 1.15.0, < 1.15.2" + } + ] + } + } + ] + }, + "vendor_name": "istio" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w", + "refsource": "CONFIRM", + "url": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w" + }, + { + "name": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/", + "refsource": "MISC", + "url": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/" + }, + { + "name": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/", + "refsource": "MISC", + "url": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/" + }, + { + "name": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/", + "refsource": "MISC", + "url": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/" + } + ] + }, + "source": { + "advisory": "GHSA-86vr-4wcv-mm9w", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39282.json b/2022/39xxx/CVE-2022-39282.json index d8b8aef3680..d97162d6d97 100644 --- a/2022/39xxx/CVE-2022-39282.json +++ b/2022/39xxx/CVE-2022-39282.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RDP client: Read of uninitialized memory with parallel port redirection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeRDP", + "version": { + "version_data": [ + { + "version_value": "<= 2.8.0" + } + ] + } + } + ] + }, + "vendor_name": "FreeRDP" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq", + "refsource": "CONFIRM", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1", + "refsource": "MISC", + "url": "https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1" + } + ] + }, + "source": { + "advisory": "GHSA-c45q-wcpg-mxjq", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39283.json b/2022/39xxx/CVE-2022-39283.json index 15c757fc309..88c7aabd8c6 100644 --- a/2022/39xxx/CVE-2022-39283.json +++ b/2022/39xxx/CVE-2022-39283.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "FreeRDP may read and display out of bounds data " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeRDP", + "version": { + "version_data": [ + { + "version_value": "<= 2.8.0" + } + ] + } + } + ] + }, + "vendor_name": "FreeRDP" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1", + "refsource": "MISC", + "url": "https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh", + "refsource": "CONFIRM", + "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh" + } + ] + }, + "source": { + "advisory": "GHSA-6cf9-3328-qrvh", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39293.json b/2022/39xxx/CVE-2022-39293.json index 28b900b837f..ca380904817 100644 --- a/2022/39xxx/CVE-2022-39293.json +++ b/2022/39xxx/CVE-2022-39293.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39293", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Azure RTOS USBX Host PIMA vulnerable to read integer underflow with buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "usbx", + "version": { + "version_data": [ + { + "version_value": "< 6.1.12" + } + ] + } + } + ] + }, + "vendor_name": "azure-rtos" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a \u201cif\u201d branch, which check the expression of \u201c(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length\u201d where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`)." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel", + "refsource": "MISC", + "url": "https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel" + }, + { + "name": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48", + "refsource": "CONFIRM", + "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48" + } + ] + }, + "source": { + "advisory": "GHSA-gg76-h537-xq48", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39295.json b/2022/39xxx/CVE-2022-39295.json index 492427cd821..ac609c02fab 100644 --- a/2022/39xxx/CVE-2022-39295.json +++ b/2022/39xxx/CVE-2022-39295.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39295", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Neutralization of Alternate XSS Syntax in Knowage-Server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Knowage-Server", + "version": { + "version_data": [ + { + "version_value": ">= 6.0, < 7.4.22" + }, + { + "version_value": ">= 8.0, < 8.0.9" + } + ] + } + } + ] + }, + "vendor_name": "KnowageLabs" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-87: Improper Neutralization of Alternate XSS Syntax" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-f2gr-6h9j-rwcw", + "refsource": "CONFIRM", + "url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-f2gr-6h9j-rwcw" + }, + { + "name": "https://github.com/KnowageLabs/Knowage-Server/blob/b079a654c1708f82f6914c55be6715ad621d9edd/knowageutils/src/main/java/it/eng/spagobi/utilities/filters/XSSRequestWrapper.java#L82-L206", + "refsource": "MISC", + "url": "https://github.com/KnowageLabs/Knowage-Server/blob/b079a654c1708f82f6914c55be6715ad621d9edd/knowageutils/src/main/java/it/eng/spagobi/utilities/filters/XSSRequestWrapper.java#L82-L206" + } + ] + }, + "source": { + "advisory": "GHSA-f2gr-6h9j-rwcw", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39297.json b/2022/39xxx/CVE-2022-39297.json index 0a6389e0f62..5ab59e93290 100644 --- a/2022/39xxx/CVE-2022-39297.json +++ b/2022/39xxx/CVE-2022-39297.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Deserialization of untrusted data in MelisCms" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "melis-cms", + "version": { + "version_data": [ + { + "version_value": "<= 5.0.0" + } + ] + } + } + ] + }, + "vendor_name": "melisplatform" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/melisplatform/melis-cms/security/advisories/GHSA-m3m3-6gww-7gj9", + "refsource": "CONFIRM", + "url": "https://github.com/melisplatform/melis-cms/security/advisories/GHSA-m3m3-6gww-7gj9" + }, + { + "name": "https://github.com/melisplatform/melis-cms/commit/d124b2474699a679a24ec52620cadceb3d4cec11", + "refsource": "MISC", + "url": "https://github.com/melisplatform/melis-cms/commit/d124b2474699a679a24ec52620cadceb3d4cec11" + } + ] + }, + "source": { + "advisory": "GHSA-m3m3-6gww-7gj9", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39298.json b/2022/39xxx/CVE-2022-39298.json index 710989f60cc..d95a31285c5 100644 --- a/2022/39xxx/CVE-2022-39298.json +++ b/2022/39xxx/CVE-2022-39298.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Deserialization of untrusted data in MelisFront" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "melis-front", + "version": { + "version_data": [ + { + "version_value": "<= 5.0.0" + } + ] + } + } + ] + }, + "vendor_name": "melisplatform" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/melisplatform/melis-front/security/advisories/GHSA-h479-2mv4-5c26", + "refsource": "CONFIRM", + "url": "https://github.com/melisplatform/melis-front/security/advisories/GHSA-h479-2mv4-5c26" + }, + { + "name": "https://github.com/melisplatform/melis-front/commit/89ae612d5f1f7aa2fb621ee8de27dffe1feb851e", + "refsource": "MISC", + "url": "https://github.com/melisplatform/melis-front/commit/89ae612d5f1f7aa2fb621ee8de27dffe1feb851e" + } + ] + }, + "source": { + "advisory": "GHSA-h479-2mv4-5c26", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39300.json b/2022/39xxx/CVE-2022-39300.json index d86ccd9ede4..699ab34e535 100644 --- a/2022/39xxx/CVE-2022-39300.json +++ b/2022/39xxx/CVE-2022-39300.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39300", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Signature bypass via multiple root elements in node-SAML" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "node-saml", + "version": { + "version_data": [ + { + "version_value": "< 4.0.0-beta.5" + } + ] + } + } + ] + }, + "vendor_name": "node-saml" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv", + "refsource": "CONFIRM", + "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv" + }, + { + "name": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe", + "refsource": "MISC", + "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe" + } + ] + }, + "source": { + "advisory": "GHSA-5p8w-2mvw-38pv", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39302.json b/2022/39xxx/CVE-2022-39302.json index 6119d23275f..77dd7106a41 100644 --- a/2022/39xxx/CVE-2022-39302.json +++ b/2022/39xxx/CVE-2022-39302.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ree6 may bypass webhook protection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ree6", + "version": { + "version_data": [ + { + "version_value": "< 1.9.9" + } + ] + } + } + ] + }, + "vendor_name": "Ree6-Applications" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as \"Better-Audit-Logging\" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x", + "refsource": "CONFIRM", + "url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x" + }, + { + "name": "https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a", + "refsource": "MISC", + "url": "https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a" + } + ] + }, + "source": { + "advisory": "GHSA-v574-xgcf-5w8x", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39303.json b/2022/39xxx/CVE-2022-39303.json index eb96967bd80..f1a57517a75 100644 --- a/2022/39xxx/CVE-2022-39303.json +++ b/2022/39xxx/CVE-2022-39303.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ree6 vulnerable to SQL Injection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ree6", + "version": { + "version_data": [ + { + "version_value": "<= 1.6.4" + } + ] + } + } + ] + }, + "vendor_name": "Ree6-Applications" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8", + "refsource": "CONFIRM", + "url": "https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8" + }, + { + "name": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7.", + "refsource": "MISC", + "url": "https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7." + } + ] + }, + "source": { + "advisory": "GHSA-69xv-xjfw-4pv8", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39308.json b/2022/39xxx/CVE-2022-39308.json index c106053ce3d..e69473299af 100644 --- a/2022/39xxx/CVE-2022-39308.json +++ b/2022/39xxx/CVE-2022-39308.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "GoCD API authentication of user access tokens subject to timing attack during comparison" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gocd", + "version": { + "version_data": [ + { + "version_value": ">= 19.2.0, < 19.11.0" + } + ] + } + } + ] + }, + "vendor_name": "gocd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the \"Access Token Management\" admin function." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208: Observable Timing Discrepancy" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1254: Incorrect Comparison Logic Granularity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gocd/gocd/security/advisories/GHSA-999p-fp84-jcpq", + "refsource": "CONFIRM", + "url": "https://github.com/gocd/gocd/security/advisories/GHSA-999p-fp84-jcpq" + }, + { + "name": "https://github.com/gocd/gocd/commit/236d4baf92e6607f2841c151c855adcc477238b8", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/commit/236d4baf92e6607f2841c151c855adcc477238b8" + }, + { + "name": "https://github.com/gocd/gocd/releases/tag/19.11.0", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/releases/tag/19.11.0" + }, + { + "name": "https://www.gocd.org/releases/#19-11-0", + "refsource": "MISC", + "url": "https://www.gocd.org/releases/#19-11-0" + } + ] + }, + "source": { + "advisory": "GHSA-999p-fp84-jcpq", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39309.json b/2022/39xxx/CVE-2022-39309.json index 69e94e3bf49..fc29f59b693 100644 --- a/2022/39xxx/CVE-2022-39309.json +++ b/2022/39xxx/CVE-2022-39309.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "GoCD server secret encryption/decryption key leaked to agents during material serialization" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gocd", + "version": { + "version_data": [ + { + "version_value": "< 21.1.0" + } + ] + } + } + ] + }, + "vendor_name": "gocd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-499: Serializable Class Containing Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.gocd.org/releases/#21-1-0", + "refsource": "MISC", + "url": "https://www.gocd.org/releases/#21-1-0" + }, + { + "name": "https://github.com/gocd/gocd/security/advisories/GHSA-f9qg-xcxq-cgv9", + "refsource": "CONFIRM", + "url": "https://github.com/gocd/gocd/security/advisories/GHSA-f9qg-xcxq-cgv9" + }, + { + "name": "https://github.com/gocd/gocd/commit/691b479f1310034992da141760e9c5d1f5b60e8a", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/commit/691b479f1310034992da141760e9c5d1f5b60e8a" + }, + { + "name": "https://github.com/gocd/gocd/releases/tag/21.1.0", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/releases/tag/21.1.0" + } + ] + }, + "source": { + "advisory": "GHSA-f9qg-xcxq-cgv9", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39310.json b/2022/39xxx/CVE-2022-39310.json index f03d5441523..ddf2ab51503 100644 --- a/2022/39xxx/CVE-2022-39310.json +++ b/2022/39xxx/CVE-2022-39310.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Malicious agent may be able to impersonate another agent in GoCD" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gocd", + "version": { + "version_data": [ + { + "version_value": "< 21.1.0" + } + ] + } + } + ] + }, + "vendor_name": "gocd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.gocd.org/releases/#21-1-0", + "refsource": "MISC", + "url": "https://www.gocd.org/releases/#21-1-0" + }, + { + "name": "https://github.com/gocd/gocd/security/advisories/GHSA-4fp5-33jh-hgcq", + "refsource": "CONFIRM", + "url": "https://github.com/gocd/gocd/security/advisories/GHSA-4fp5-33jh-hgcq" + }, + { + "name": "https://github.com/gocd/gocd/pull/8877", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/pull/8877" + } + ] + }, + "source": { + "advisory": "GHSA-4fp5-33jh-hgcq", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39311.json b/2022/39xxx/CVE-2022-39311.json index d68cec7cacc..b1cd7fef529 100644 --- a/2022/39xxx/CVE-2022-39311.json +++ b/2022/39xxx/CVE-2022-39311.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39311", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Compromised agents may be able to execute remote code on GoCD Server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gocd", + "version": { + "version_data": [ + { + "version_value": "< 21.1.0" + } + ] + } + } + ] + }, + "vendor_name": "gocd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gocd/gocd/security/advisories/GHSA-2hjh-3p3p-8hcm", + "refsource": "CONFIRM", + "url": "https://github.com/gocd/gocd/security/advisories/GHSA-2hjh-3p3p-8hcm" + }, + { + "name": "https://github.com/gocd/gocd/commit/7b88b70d6f7f429562d5cab49a80ea856e34cdc8", + "refsource": "MISC", + "url": "https://github.com/gocd/gocd/commit/7b88b70d6f7f429562d5cab49a80ea856e34cdc8" + }, + { + "name": "https://www.gocd.org/releases/#21-1-0", + "refsource": "MISC", + "url": "https://www.gocd.org/releases/#21-1-0" + } + ] + }, + "source": { + "advisory": "GHSA-2hjh-3p3p-8hcm", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/39xxx/CVE-2022-39800.json b/2022/39xxx/CVE-2022-39800.json index 3750cdd43fb..cfd2c0e667c 100644 --- a/2022/39xxx/CVE-2022-39800.json +++ b/2022/39xxx/CVE-2022-39800.json @@ -56,7 +56,7 @@ "description": [ { "lang": "eng", - "value": "CWE-200" + "value": "CWE-79" } ] } diff --git a/2022/39xxx/CVE-2022-39802.json b/2022/39xxx/CVE-2022-39802.json index 98ccd41323a..47381540550 100644 --- a/2022/39xxx/CVE-2022-39802.json +++ b/2022/39xxx/CVE-2022-39802.json @@ -19,15 +19,15 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "15.1" }, { - "version_name": "<", + "version_affected": "=", "version_value": "15.2" }, { - "version_name": "<", + "version_affected": "=", "version_value": "15.3" } ] @@ -77,6 +77,11 @@ "url": "https://launchpad.support.sap.com/#/notes/3242933", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3242933" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html" } ] } diff --git a/2022/39xxx/CVE-2022-39803.json b/2022/39xxx/CVE-2022-39803.json index d51c2fb2625..d6aa0cb9239 100644 --- a/2022/39xxx/CVE-2022-39803.json +++ b/2022/39xxx/CVE-2022-39803.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39804.json b/2022/39xxx/CVE-2022-39804.json index ad0ab601e5e..daf6eb74994 100644 --- a/2022/39xxx/CVE-2022-39804.json +++ b/2022/39xxx/CVE-2022-39804.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39805.json b/2022/39xxx/CVE-2022-39805.json index f9aa2e0a25f..87284b8a204 100644 --- a/2022/39xxx/CVE-2022-39805.json +++ b/2022/39xxx/CVE-2022-39805.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39806.json b/2022/39xxx/CVE-2022-39806.json index 80f6b15f581..b6a10a74a50 100644 --- a/2022/39xxx/CVE-2022-39806.json +++ b/2022/39xxx/CVE-2022-39806.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39807.json b/2022/39xxx/CVE-2022-39807.json index 1c8d819ed23..3d01613a76d 100644 --- a/2022/39xxx/CVE-2022-39807.json +++ b/2022/39xxx/CVE-2022-39807.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39808.json b/2022/39xxx/CVE-2022-39808.json index 2681cfb4947..3b552aa4248 100644 --- a/2022/39xxx/CVE-2022-39808.json +++ b/2022/39xxx/CVE-2022-39808.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/39xxx/CVE-2022-39955.json b/2022/39xxx/CVE-2022-39955.json index b0d7aa10b79..99e614efa7f 100644 --- a/2022/39xxx/CVE-2022-39955.json +++ b/2022/39xxx/CVE-2022-39955.json @@ -95,6 +95,16 @@ "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "CONFIRM", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-90708b46e3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD56EAYNGB6E6QQH62LAYCONOP6OH5DZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-85a85c84b3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPQ6CCMX3MU4A7MTCGQJA7VMJW3IQDXV/" } ] }, diff --git a/2022/39xxx/CVE-2022-39956.json b/2022/39xxx/CVE-2022-39956.json index 628e64222a1..6b6b08318c9 100644 --- a/2022/39xxx/CVE-2022-39956.json +++ b/2022/39xxx/CVE-2022-39956.json @@ -95,6 +95,16 @@ "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "CONFIRM", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-90708b46e3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD56EAYNGB6E6QQH62LAYCONOP6OH5DZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-85a85c84b3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPQ6CCMX3MU4A7MTCGQJA7VMJW3IQDXV/" } ] }, diff --git a/2022/39xxx/CVE-2022-39957.json b/2022/39xxx/CVE-2022-39957.json index bc89e7cb788..5151cc4c410 100644 --- a/2022/39xxx/CVE-2022-39957.json +++ b/2022/39xxx/CVE-2022-39957.json @@ -95,6 +95,16 @@ "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "CONFIRM", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-90708b46e3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD56EAYNGB6E6QQH62LAYCONOP6OH5DZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-85a85c84b3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPQ6CCMX3MU4A7MTCGQJA7VMJW3IQDXV/" } ] }, diff --git a/2022/39xxx/CVE-2022-39958.json b/2022/39xxx/CVE-2022-39958.json index 0dfdba7bc5e..60177e252cf 100644 --- a/2022/39xxx/CVE-2022-39958.json +++ b/2022/39xxx/CVE-2022-39958.json @@ -95,6 +95,16 @@ "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "CONFIRM", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-90708b46e3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD56EAYNGB6E6QQH62LAYCONOP6OH5DZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-85a85c84b3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPQ6CCMX3MU4A7MTCGQJA7VMJW3IQDXV/" } ] }, diff --git a/2022/3xxx/CVE-2022-3030.json b/2022/3xxx/CVE-2022-3030.json index 075cff4351d..a7a673ed441 100644 --- a/2022/3xxx/CVE-2022-3030.json +++ b/2022/3xxx/CVE-2022-3030.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "<15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/37959", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/37959", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/749882", + "url": "https://hackerone.com/reports/749882", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [rpadovani](https://hackerone.com/rpadovani) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3031.json b/2022/3xxx/CVE-2022-3031.json index f432650441d..dc16be85b0e 100644 --- a/2022/3xxx/CVE-2022-3031.json +++ b/2022/3xxx/CVE-2022-3031.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.3, <15.3.2" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=0.0, <15.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/340395", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/340395", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 3.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was reported to us by a customer." + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3060.json b/2022/3xxx/CVE-2022-3060.json index 88133569fd2..1f1367496d8 100644 --- a/2022/3xxx/CVE-2022-3060.json +++ b/2022/3xxx/CVE-2022-3060.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=12.7, <15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper control of resource identifiers ('resource injection') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/365427", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/365427", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1600343", + "url": "https://hackerone.com/reports/1600343", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 7.2, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [@joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3066.json b/2022/3xxx/CVE-2022-3066.json index 19a67a52d31..45465f08b1c 100644 --- a/2022/3xxx/CVE-2022-3066.json +++ b/2022/3xxx/CVE-2022-3066.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=10.0, <15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization bypass through user-controlled key in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/372149", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/372149", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1685105", + "url": "https://hackerone.com/reports/1685105", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3067.json b/2022/3xxx/CVE-2022-3067.json index 8783917b72d..2b14bd125ae 100644 --- a/2022/3xxx/CVE-2022-3067.json +++ b/2022/3xxx/CVE-2022-3067.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=14.4, <15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/372165", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/372165", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1685822", + "url": "https://hackerone.com/reports/1685822", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3082.json b/2022/3xxx/CVE-2022-3082.json index 9c2e8371d68..9b76439faad 100644 --- a/2022/3xxx/CVE-2022-3082.json +++ b/2022/3xxx/CVE-2022-3082.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3082", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "miniOrange Discord Integration", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.6", + "version_value": "2.1.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f", + "name": "https://wpscan.com/vulnerability/a91d0501-c2a9-4c6c-b5da-b3fc29442a4f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3126.json b/2022/3xxx/CVE-2022-3126.json index 3634907bf08..28071501fbf 100644 --- a/2022/3xxx/CVE-2022-3126.json +++ b/2022/3xxx/CVE-2022-3126.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3126", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Frontend File Manager < 21.4 - File Upload via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Frontend File Manager Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8", + "name": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3131.json b/2022/3xxx/CVE-2022-3131.json index a82e9be3e20..899e82f0520 100644 --- a/2022/3xxx/CVE-2022-3131.json +++ b/2022/3xxx/CVE-2022-3131.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3131", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Search Logger <= 0.9 - Admin+ SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Search Logger – Know What Your Visitors Search", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.9", + "version_value": "0.9" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b6c62e53-ae49-4fe0-aed9-0c493fc4442d", + "name": "https://wpscan.com/vulnerability/b6c62e53-ae49-4fe0-aed9-0c493fc4442d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Mika" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3139.json b/2022/3xxx/CVE-2022-3139.json index b08edf2edce..47de987163f 100644 --- a/2022/3xxx/CVE-2022-3139.json +++ b/2022/3xxx/CVE-2022-3139.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3139", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "We’re Open!", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.42", + "version_value": "1.42" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/11c89925-4fe9-45f7-9020-55fe7bbae3db", + "name": "https://wpscan.com/vulnerability/11c89925-4fe9-45f7-9020-55fe7bbae3db" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3140.json b/2022/3xxx/CVE-2022-3140.json index a3dc538c59a..63affcad508 100644 --- a/2022/3xxx/CVE-2022-3140.json +++ b/2022/3xxx/CVE-2022-3140.json @@ -73,6 +73,11 @@ "refsource": "MISC", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140", "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5252", + "url": "https://www.debian.org/security/2022/dsa-5252" } ] }, diff --git a/2022/3xxx/CVE-2022-3149.json b/2022/3xxx/CVE-2022-3149.json index 3a861b96e71..6442dc0d737 100644 --- a/2022/3xxx/CVE-2022-3149.json +++ b/2022/3xxx/CVE-2022-3149.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3149", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Custom Cursors", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.1", + "version_value": "3.0.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f", + "name": "https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3150.json b/2022/3xxx/CVE-2022-3150.json index 90a8ca833d9..d888b423656 100644 --- a/2022/3xxx/CVE-2022-3150.json +++ b/2022/3xxx/CVE-2022-3150.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3150", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Custom Cursors <= 3.0 - Admin+ SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Custom Cursors | WordPress Cursor Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.0", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/bb0806d7-21e3-4a65-910c-bf0625c338ec", + "name": "https://wpscan.com/vulnerability/bb0806d7-21e3-4a65-910c-bf0625c338ec" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3151.json b/2022/3xxx/CVE-2022-3151.json index d8d8227288d..b40bfbb9a81 100644 --- a/2022/3xxx/CVE-2022-3151.json +++ b/2022/3xxx/CVE-2022-3151.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3151", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Custom Cursors", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.1", + "version_value": "3.0.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/27816c70-58ad-4ffb-adcc-69eb1b210744", + "name": "https://wpscan.com/vulnerability/27816c70-58ad-4ffb-adcc-69eb1b210744" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3165.json b/2022/3xxx/CVE-2022-3165.json index 7bc18554584..d9aec9bcad2 100644 --- a/2022/3xxx/CVE-2022-3165.json +++ b/2022/3xxx/CVE-2022-3165.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3165", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "Affected 6.1.0 and later. Will be fixed in 7.2.0-rc0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18", + "url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service." } ] } diff --git a/2022/3xxx/CVE-2022-3171.json b/2022/3xxx/CVE-2022-3171.json index cc052eb10b3..6a3b7c48545 100644 --- a/2022/3xxx/CVE-2022-3171.json +++ b/2022/3xxx/CVE-2022-3171.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@google.com", "ID": "CVE-2022-3171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Memory handling vulnerability in ProtocolBuffers Java core and lite" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Protocolbuffers", + "version": { + "version_data": [ + { + "platform": "core and lite", + "version_affected": "<", + "version_name": "3.21.7", + "version_value": "3.21.7" + }, + { + "platform": "core and lite", + "version_affected": "<", + "version_name": "3.20.3", + "version_value": "3.20.3" + }, { + "platform": "core and lite", + "version_affected": "<", + "version_name": "3.19.6", + "version_value": "3.19.6" + }, + { + "platform": "core and lite", + "version_affected": "<", + "version_name": "3.16.3", + "version_value": "3.16.3" + } + ] + } + } + ] + }, + "vendor_name": "Google LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", + "refsource": "CONFIRM", + "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2" + } + ] + }, + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} + diff --git a/2022/3xxx/CVE-2022-3206.json b/2022/3xxx/CVE-2022-3206.json index 95d9e3118c0..0175fd34e1b 100644 --- a/2022/3xxx/CVE-2022-3206.json +++ b/2022/3xxx/CVE-2022-3206.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3206", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Passster < 3.5.5.5.2 - Insecure Storage of Password" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Passster – Password Protection", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.5.5.5.2", + "version_value": "3.5.5.5.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named \"passster\" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a8963750-62bf-403e-a906-94f371ed2a7a", + "name": "https://wpscan.com/vulnerability/a8963750-62bf-403e-a906-94f371ed2a7a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-326 Inadequate Encryption Strength", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3234.json b/2022/3xxx/CVE-2022-3234.json index d95757e9e7a..f3eb3cc0018 100644 --- a/2022/3xxx/CVE-2022-3234.json +++ b/2022/3xxx/CVE-2022-3234.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3234", - "STATE": "PUBLIC", - "TITLE": "Heap-based Buffer Overflow in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0483" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3234", + "STATE": "PUBLIC", + "TITLE": "Heap-based Buffer Overflow in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0483" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122 Heap-based Buffer Overflow" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da" - }, - { - "name": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d" - } - ] - }, - "source": { - "advisory": "90fdf374-bf04-4386-8a23-38c83b88f0da", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da" + }, + { + "name": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "90fdf374-bf04-4386-8a23-38c83b88f0da", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3235.json b/2022/3xxx/CVE-2022-3235.json index a3bb87321e8..da8e62d40d6 100644 --- a/2022/3xxx/CVE-2022-3235.json +++ b/2022/3xxx/CVE-2022-3235.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3235", - "STATE": "PUBLIC", - "TITLE": "Use After Free in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0490" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3235", + "STATE": "PUBLIC", + "TITLE": "Use After Free in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0490" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0490." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 Use After Free" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0490." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af" - }, - { - "name": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0" - } - ] - }, - "source": { - "advisory": "96d5f7a0-a834-4571-b73b-0fe523b941af", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af" + }, + { + "name": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "96d5f7a0-a834-4571-b73b-0fe523b941af", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3243.json b/2022/3xxx/CVE-2022-3243.json index e038bcdd3f1..0374cf1f6f1 100644 --- a/2022/3xxx/CVE-2022-3243.json +++ b/2022/3xxx/CVE-2022-3243.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3243", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3243", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Import all XML, CSV & TXT into WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.5.8", + "version_value": "6.5.8" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a", + "name": "https://wpscan.com/vulnerability/9f03bc1a-214f-451a-89fd-2cd3517e8f8a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Sanjay Das" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3244.json b/2022/3xxx/CVE-2022-3244.json index 68c0891b7d5..fcec75a2a1e 100644 --- a/2022/3xxx/CVE-2022-3244.json +++ b/2022/3xxx/CVE-2022-3244.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3244", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3244", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Import all XML, CSV & TXT into WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.5.8", + "version_value": "6.5.8" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132", + "name": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-862 Missing Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Sanjay Das" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3256.json b/2022/3xxx/CVE-2022-3256.json index 4949ab8d96e..8c7a3c7a18f 100644 --- a/2022/3xxx/CVE-2022-3256.json +++ b/2022/3xxx/CVE-2022-3256.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3256", - "STATE": "PUBLIC", - "TITLE": "Use After Free in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0530" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3256", + "STATE": "PUBLIC", + "TITLE": "Use After Free in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0530" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0530." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 Use After Free" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0530." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3" - }, - { - "name": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad" - } - ] - }, - "source": { - "advisory": "8336a3df-212a-4f8d-ae34-76ef1f936bb3", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3" + }, + { + "name": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "8336a3df-212a-4f8d-ae34-76ef1f936bb3", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3278.json b/2022/3xxx/CVE-2022-3278.json index 659d06c3974..4005930bfb9 100644 --- a/2022/3xxx/CVE-2022-3278.json +++ b/2022/3xxx/CVE-2022-3278.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3278", - "STATE": "PUBLIC", - "TITLE": "NULL Pointer Dereference in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0552" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3278", + "STATE": "PUBLIC", + "TITLE": "NULL Pointer Dereference in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0552" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-476 NULL Pointer Dereference" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612" - }, - { - "name": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e" - } - ] - }, - "source": { - "advisory": "a9fad77e-f245-4ce9-ba15-c7d4c86c4612", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612" + }, + { + "name": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "a9fad77e-f245-4ce9-ba15-c7d4c86c4612", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3279.json b/2022/3xxx/CVE-2022-3279.json index b890b922f9a..b66e059dacb 100644 --- a/2022/3xxx/CVE-2022-3279.json +++ b/2022/3xxx/CVE-2022-3279.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "<15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncaught exception in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/364249", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/364249", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1587261", + "url": "https://hackerone.com/reports/1587261", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 2.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [exem_pt](https://hackerone.com/exem_pt) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3281.json b/2022/3xxx/CVE-2022-3281.json index c787ff91810..121be5835ca 100644 --- a/2022/3xxx/CVE-2022-3281.json +++ b/2022/3xxx/CVE-2022-3281.json @@ -1,18 +1,176 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "info@cert.vde.com", + "DATE_PUBLIC": "2022-10-17T08:00:00.000Z", "ID": "CVE-2022-3281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WAGO: multiple products - Loss of MAC-Address-Filtering after reboot" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "750-81xx/xxx-xxx Series PFC100/PFC200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.01.07(13)", + "version_value": "03.10.08(22)" + } + ] + } + }, + { + "product_name": "750-8217/xxx-xxx Series PFC100/PFC200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.04.10(16)", + "version_value": "03.10.08(22)" + } + ] + } + }, + { + "product_name": "750-82xx/xxx-xxx Series PFC100/PFC200", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.01.07(13)", + "version_value": "03.10.08(22)" + } + ] + } + }, + { + "product_name": "Compact Controller CC100", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.07.17(19)", + "version_value": "03.09.08(21)" + } + ] + } + }, + { + "product_name": "762-4xxx Series Touch Panel 600", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.01.07(13)", + "version_value": "03.10.09(22)" + } + ] + } + }, + { + "product_name": "762-5xxx Series Touch Panel 600", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.01.07(13)", + "version_value": "03.10.09(22)" + } + ] + } + }, + { + "product_name": "762-6xxx Series Touch Panel 600", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.01.07(13)", + "version_value": "03.10.09(22)" + } + ] + } + }, + { + "product_name": "752-8303/8000-002 Edge Controller", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "03.06.09(18)", + "version_value": "03.10.09(22)" + } + ] + } + } + ] + }, + "vendor_name": "WAGO" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-440 Expected Behavior Violation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/en/advisories/VDE-2022-042/", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en/advisories/VDE-2022-042/" + } + ] + }, + "source": { + "advisory": "VDE-2022-042", + "defect": [ + "CERT@VDE#64236" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3282.json b/2022/3xxx/CVE-2022-3282.json index 669bdd7852d..1513a706acf 100644 --- a/2022/3xxx/CVE-2022-3282.json +++ b/2022/3xxx/CVE-2022-3282.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3282", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Drag and Drop Multiple File Upload – Contact Form 7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.6.5", + "version_value": "1.3.6.5" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/035dffef-4b4b-4afb-9776-7f6c5e56452c", + "name": "https://wpscan.com/vulnerability/035dffef-4b4b-4afb-9776-7f6c5e56452c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Sanjay Das" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3283.json b/2022/3xxx/CVE-2022-3283.json index c68a5ff6dd4..0716f829186 100644 --- a/2022/3xxx/CVE-2022-3283.json +++ b/2022/3xxx/CVE-2022-3283.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": "<15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/1543718", + "url": "https://hackerone.com/reports/1543718", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/361982", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/361982", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks legit-security(https://hackerone.com/legit-security) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3286.json b/2022/3xxx/CVE-2022-3286.json index f5eafe30e15..c72cef6cc35 100644 --- a/2022/3xxx/CVE-2022-3286.json +++ b/2022/3xxx/CVE-2022-3286.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=14.2, <15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/363827", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363827", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3288.json b/2022/3xxx/CVE-2022-3288.json index 2ae0d18c1b8..faaf76f3261 100644 --- a/2022/3xxx/CVE-2022-3288.json +++ b/2022/3xxx/CVE-2022-3288.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "<15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of incorrectly-resolved name or reference in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/354948", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354948", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1498354", + "url": "https://hackerone.com/reports/1498354", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3291.json b/2022/3xxx/CVE-2022-3291.json index 9399831dfce..f0d574bbdbe 100644 --- a/2022/3xxx/CVE-2022-3291.json +++ b/2022/3xxx/CVE-2022-3291.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=14.9, <15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/354299", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354299", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3293.json b/2022/3xxx/CVE-2022-3293.json index 4f6ec2f6c3a..1073c0d060f 100644 --- a/2022/3xxx/CVE-2022-3293.json +++ b/2022/3xxx/CVE-2022-3293.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3293", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=9.3, <15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/369008", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/369008", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3296.json b/2022/3xxx/CVE-2022-3296.json index 2db3e2a93d5..7410d3c0b17 100644 --- a/2022/3xxx/CVE-2022-3296.json +++ b/2022/3xxx/CVE-2022-3296.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3296", - "STATE": "PUBLIC", - "TITLE": "Stack-based Buffer Overflow in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0577" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3296", + "STATE": "PUBLIC", + "TITLE": "Stack-based Buffer Overflow in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0577" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077" - }, - { - "name": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be" - } - ] - }, - "source": { - "advisory": "958866b8-526a-4979-9471-39392e0c9077", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077" + }, + { + "name": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "958866b8-526a-4979-9471-39392e0c9077", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3297.json b/2022/3xxx/CVE-2022-3297.json index 663495ee58c..f9e33c9da68 100644 --- a/2022/3xxx/CVE-2022-3297.json +++ b/2022/3xxx/CVE-2022-3297.json @@ -79,6 +79,16 @@ "name": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" } ] }, diff --git a/2022/3xxx/CVE-2022-3324.json b/2022/3xxx/CVE-2022-3324.json index dd8cde6bae9..ddccf791278 100644 --- a/2022/3xxx/CVE-2022-3324.json +++ b/2022/3xxx/CVE-2022-3324.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3324", - "STATE": "PUBLIC", - "TITLE": "Stack-based Buffer Overflow in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0598" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3324", + "STATE": "PUBLIC", + "TITLE": "Stack-based Buffer Overflow in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0598" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c" - }, - { - "name": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" - } - ] - }, - "source": { - "advisory": "e414e55b-f332-491f-863b-c18dca97403c", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c" + }, + { + "name": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "e414e55b-f332-491f-863b-c18dca97403c", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3325.json b/2022/3xxx/CVE-2022-3325.json index 62167821389..f6d8a790849 100644 --- a/2022/3xxx/CVE-2022-3325.json +++ b/2022/3xxx/CVE-2022-3325.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=12.8, <15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/360819", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360819", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 2.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3330.json b/2022/3xxx/CVE-2022-3330.json index 88ea6dcd72b..536e5710a9d 100644 --- a/2022/3xxx/CVE-2022-3330.json +++ b/2022/3xxx/CVE-2022-3330.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3330", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.0, <15.2.5" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=15.4, <15.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/365827", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/365827", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3331.json b/2022/3xxx/CVE-2022-3331.json index 3a3918773f2..20527037101 100644 --- a/2022/3xxx/CVE-2022-3331.json +++ b/2022/3xxx/CVE-2022-3331.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=14.5, <15.1.6" + }, + { + "version_value": ">=15.2, <15.2.4" + }, + { + "version_value": ">=15.3, <15.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization bypass through user-controlled key in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/360372", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360372", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1542834", + "url": "https://hackerone.com/reports/1542834", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 3.5, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3351.json b/2022/3xxx/CVE-2022-3351.json index cc2b8caeabd..6454004a983 100644 --- a/2022/3xxx/CVE-2022-3351.json +++ b/2022/3xxx/CVE-2022-3351.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.1" + }, + { + "version_value": ">=15.3, <15.3.4" + }, + { + "version_value": ">=13.7, <15.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/364266", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/364266", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1446022", + "url": "https://hackerone.com/reports/1446022", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [@joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3352.json b/2022/3xxx/CVE-2022-3352.json index b2007d30ba1..1b50f60247a 100644 --- a/2022/3xxx/CVE-2022-3352.json +++ b/2022/3xxx/CVE-2022-3352.json @@ -1,89 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3352", - "STATE": "PUBLIC", - "TITLE": "Use After Free in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "9.0.0614" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3352", + "STATE": "PUBLIC", + "TITLE": "Use After Free in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.0.0614" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0614." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 Use After Free" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0614." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60" - }, - { - "name": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15" - } - ] - }, - "source": { - "advisory": "d058f182-a49b-40c7-9234-43d4c5a29f60", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60" + }, + { + "name": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-40161673a3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fff548cfab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" + } + ] + }, + "source": { + "advisory": "d058f182-a49b-40c7-9234-43d4c5a29f60", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3435.json b/2022/3xxx/CVE-2022-3435.json index 34841169d95..d4136a77d78 100644 --- a/2022/3xxx/CVE-2022-3435.json +++ b/2022/3xxx/CVE-2022-3435.json @@ -71,6 +71,16 @@ "url": "https://vuldb.com/?id.210357", "refsource": "MISC", "name": "https://vuldb.com/?id.210357" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/3xxx/CVE-2022-3439.json b/2022/3xxx/CVE-2022-3439.json index 67b50013d4e..5d4e03c440c 100644 --- a/2022/3xxx/CVE-2022-3439.json +++ b/2022/3xxx/CVE-2022-3439.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ikus060/rdiffweb", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.5.0" + } + ] + } + } + ] + }, + "vendor_name": "ikus060" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311", + "refsource": "MISC", + "url": "https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311" + }, + { + "name": "https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7" + } + ] + }, + "source": { + "advisory": "37b86c45-b240-4626-bd53-b6f02d10e0d7", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3456.json b/2022/3xxx/CVE-2022-3456.json index 46113c22ac1..dd94f63872f 100644 --- a/2022/3xxx/CVE-2022-3456.json +++ b/2022/3xxx/CVE-2022-3456.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3456", + "STATE": "PUBLIC", + "TITLE": "Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ikus060/rdiffweb", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.5.0" + } + ] + } + } + ] + }, + "vendor_name": "ikus060" + } + ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/b34412ca-50c5-4615-b7e3-5d07d33acfce", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/b34412ca-50c5-4615-b7e3-5d07d33acfce" + }, + { + "name": "https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311", + "refsource": "MISC", + "url": "https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311" + } + ] + }, + "source": { + "advisory": "b34412ca-50c5-4615-b7e3-5d07d33acfce", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3457.json b/2022/3xxx/CVE-2022-3457.json index 9ca6fb25dd9..81b325d5fa4 100644 --- a/2022/3xxx/CVE-2022-3457.json +++ b/2022/3xxx/CVE-2022-3457.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3457", + "STATE": "PUBLIC", + "TITLE": "Origin Validation Error in ikus060/rdiffweb" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ikus060/rdiffweb", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.5.0a5" + } + ] + } + } + ] + }, + "vendor_name": "ikus060" + } + ] } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-346 Origin Validation Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/cfcab02e-d6ad-4dcf-b1b0-da90434bc55b", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/cfcab02e-d6ad-4dcf-b1b0-da90434bc55b" + }, + { + "name": "https://github.com/ikus060/rdiffweb/commit/afc1bdfab5161c74012ff2590a6ec49cc0d8fde0", + "refsource": "MISC", + "url": "https://github.com/ikus060/rdiffweb/commit/afc1bdfab5161c74012ff2590a6ec49cc0d8fde0" + } + ] + }, + "source": { + "advisory": "cfcab02e-d6ad-4dcf-b1b0-da90434bc55b", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3470.json b/2022/3xxx/CVE-2022-3470.json index 0576ac8d1a7..35f113e47d4 100644 --- a/2022/3xxx/CVE-2022-3470.json +++ b/2022/3xxx/CVE-2022-3470.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System getstatecity.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20sc%20parameter%20is%20injected.pdf", + "refsource": "MISC", + "name": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20sc%20parameter%20is%20injected.pdf" + }, + { + "url": "https://vuldb.com/?id.210714", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210714" } ] } diff --git a/2022/3xxx/CVE-2022-3471.json b/2022/3xxx/CVE-2022-3471.json index dfa9d302c1c..022aebc4762 100644 --- a/2022/3xxx/CVE-2022-3471.json +++ b/2022/3xxx/CVE-2022-3471.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3471", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System city.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20searccity%20parameter%20is%20injected.pdf", + "refsource": "MISC", + "name": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20searccity%20parameter%20is%20injected.pdf" + }, + { + "url": "https://vuldb.com/?id.210715", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210715" } ] } diff --git a/2022/3xxx/CVE-2022-3472.json b/2022/3xxx/CVE-2022-3472.json index 700b2588abe..956c680bb7b 100644 --- a/2022/3xxx/CVE-2022-3472.json +++ b/2022/3xxx/CVE-2022-3472.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System city.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20cityedit%20parameter%20is%20injected.pdf", + "refsource": "MISC", + "name": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20cityedit%20parameter%20is%20injected.pdf" + }, + { + "url": "https://vuldb.com/?id.210716", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210716" } ] } diff --git a/2022/3xxx/CVE-2022-3473.json b/2022/3xxx/CVE-2022-3473.json index 02d401a4cf3..190e8096d91 100644 --- a/2022/3xxx/CVE-2022-3473.json +++ b/2022/3xxx/CVE-2022-3473.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System getstatecity.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20ci%20parameter%20is%20injected.pdf", + "refsource": "MISC", + "name": "https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20ci%20parameter%20is%20injected.pdf" + }, + { + "url": "https://vuldb.com/?id.210717", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210717" } ] } diff --git a/2022/3xxx/CVE-2022-3478.json b/2022/3xxx/CVE-2022-3478.json new file mode 100644 index 00000000000..fcbcae84533 --- /dev/null +++ b/2022/3xxx/CVE-2022-3478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3479.json b/2022/3xxx/CVE-2022-3479.json new file mode 100644 index 00000000000..7f524261abf --- /dev/null +++ b/2022/3xxx/CVE-2022-3479.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3479", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "nss", + "version": { + "version_data": [ + { + "version_value": "3.81" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "segmentation fault" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1774654" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3480.json b/2022/3xxx/CVE-2022-3480.json new file mode 100644 index 00000000000..2ea8ccd73dc --- /dev/null +++ b/2022/3xxx/CVE-2022-3480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3481.json b/2022/3xxx/CVE-2022-3481.json new file mode 100644 index 00000000000..13601f2a648 --- /dev/null +++ b/2022/3xxx/CVE-2022-3481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3482.json b/2022/3xxx/CVE-2022-3482.json new file mode 100644 index 00000000000..491c1b201ff --- /dev/null +++ b/2022/3xxx/CVE-2022-3482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3483.json b/2022/3xxx/CVE-2022-3483.json new file mode 100644 index 00000000000..fe5def4e46f --- /dev/null +++ b/2022/3xxx/CVE-2022-3483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3484.json b/2022/3xxx/CVE-2022-3484.json new file mode 100644 index 00000000000..7b8a8680ebc --- /dev/null +++ b/2022/3xxx/CVE-2022-3484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3485.json b/2022/3xxx/CVE-2022-3485.json new file mode 100644 index 00000000000..b92f607b1c8 --- /dev/null +++ b/2022/3xxx/CVE-2022-3485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3486.json b/2022/3xxx/CVE-2022-3486.json new file mode 100644 index 00000000000..280b3b52b37 --- /dev/null +++ b/2022/3xxx/CVE-2022-3486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3487.json b/2022/3xxx/CVE-2022-3487.json new file mode 100644 index 00000000000..4ae6ad318a6 --- /dev/null +++ b/2022/3xxx/CVE-2022-3487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3488.json b/2022/3xxx/CVE-2022-3488.json new file mode 100644 index 00000000000..4cccb1fe886 --- /dev/null +++ b/2022/3xxx/CVE-2022-3488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3489.json b/2022/3xxx/CVE-2022-3489.json new file mode 100644 index 00000000000..2821f689651 --- /dev/null +++ b/2022/3xxx/CVE-2022-3489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3490.json b/2022/3xxx/CVE-2022-3490.json new file mode 100644 index 00000000000..7eec66e33e9 --- /dev/null +++ b/2022/3xxx/CVE-2022-3490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3491.json b/2022/3xxx/CVE-2022-3491.json new file mode 100644 index 00000000000..0231106613a --- /dev/null +++ b/2022/3xxx/CVE-2022-3491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3492.json b/2022/3xxx/CVE-2022-3492.json new file mode 100644 index 00000000000..130907bfa73 --- /dev/null +++ b/2022/3xxx/CVE-2022-3492.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3492", + "TITLE": "SourceCodester Human Resource Management System Profile Photo os command injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-78 OS Command Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.210772", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210772" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3493.json b/2022/3xxx/CVE-2022-3493.json new file mode 100644 index 00000000000..cba015d2f16 --- /dev/null +++ b/2022/3xxx/CVE-2022-3493.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3493", + "TITLE": "SourceCodester Human Resource Management System Add Employee cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.210773", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210773" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3494.json b/2022/3xxx/CVE-2022-3494.json new file mode 100644 index 00000000000..a017d579b9b --- /dev/null +++ b/2022/3xxx/CVE-2022-3494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3495.json b/2022/3xxx/CVE-2022-3495.json new file mode 100644 index 00000000000..faae6b7db9d --- /dev/null +++ b/2022/3xxx/CVE-2022-3495.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3495", + "TITLE": "SourceCodester Simple Online Public Access Catalog Admin Login sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Online Public Access Catalog", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Hakcoder/Simple-Online-Public-Access-Catalog-OPAC---SQL-injection/blob/main/POC", + "refsource": "MISC", + "name": "https://github.com/Hakcoder/Simple-Online-Public-Access-Catalog-OPAC---SQL-injection/blob/main/POC" + }, + { + "url": "https://vuldb.com/?id.210784", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210784" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3496.json b/2022/3xxx/CVE-2022-3496.json new file mode 100644 index 00000000000..71d995d9832 --- /dev/null +++ b/2022/3xxx/CVE-2022-3496.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3496", + "TITLE": "SourceCodester Human Resource Management System Admin Panel employeeadd.php access control", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266 Incorrect Privilege Assignment -> CWE-284 Improper Access Controls" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.210785", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210785" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3497.json b/2022/3xxx/CVE-2022-3497.json new file mode 100644 index 00000000000..983e4c0a2b4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3497.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3497", + "TITLE": "SourceCodester Human Resource Management System Master List cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.210786", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210786" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3498.json b/2022/3xxx/CVE-2022-3498.json new file mode 100644 index 00000000000..adb7e6dfa69 --- /dev/null +++ b/2022/3xxx/CVE-2022-3498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3499.json b/2022/3xxx/CVE-2022-3499.json new file mode 100644 index 00000000000..04fa99eef51 --- /dev/null +++ b/2022/3xxx/CVE-2022-3499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3500.json b/2022/3xxx/CVE-2022-3500.json new file mode 100644 index 00000000000..3c890c12f9c --- /dev/null +++ b/2022/3xxx/CVE-2022-3500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3501.json b/2022/3xxx/CVE-2022-3501.json new file mode 100644 index 00000000000..05d2442eda3 --- /dev/null +++ b/2022/3xxx/CVE-2022-3501.json @@ -0,0 +1,98 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@otrs.com", + "DATE_PUBLIC": "2022-10-17T07:00:00.000Z", + "ID": "CVE-2022-3501", + "STATE": "PUBLIC", + "TITLE": "Information exposure of template content due to missing check of permissions" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "8.0.x", + "version_value": "8.0.25" + } + ] + } + } + ] + }, + "vendor_name": "Accessing template content without permissions" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Article template contents with sensitive data could be accessed from agents without permissions." + } + ] + }, + "generator": { + "engine": "vulnogram 0.1.0-rc1" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2022-14/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to OTRS 8.0.26" + } + ], + "source": { + "advisory": "OSA-2022-14", + "defect": [ + "2022090142001791" + ], + "discovery": "USER" + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3502.json b/2022/3xxx/CVE-2022-3502.json new file mode 100644 index 00000000000..dd3b74baf95 --- /dev/null +++ b/2022/3xxx/CVE-2022-3502.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3502", + "TITLE": "Human Resource Management System Leave cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss", + "refsource": "MISC", + "name": "https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss" + }, + { + "url": "https://vuldb.com/?id.210831", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210831" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3503.json b/2022/3xxx/CVE-2022-3503.json new file mode 100644 index 00000000000..423e6a41b6f --- /dev/null +++ b/2022/3xxx/CVE-2022-3503.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3503", + "TITLE": "SourceCodester Purchase Order Management System Supplier cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Purchase Order Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/DisguisedRoot/Exploit/blob/main/Persistent%20XSS/PoC", + "refsource": "MISC", + "name": "https://github.com/DisguisedRoot/Exploit/blob/main/Persistent%20XSS/PoC" + }, + { + "url": "https://vuldb.com/?id.210832", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210832" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3504.json b/2022/3xxx/CVE-2022-3504.json new file mode 100644 index 00000000000..29ff1e8902e --- /dev/null +++ b/2022/3xxx/CVE-2022-3504.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3504", + "TITLE": "SourceCodester Sanitization Management System sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Sanitization Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Sanitization%20Management%20System%20Project%20CMS/images/sqli.png", + "refsource": "MISC", + "name": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Sanitization%20Management%20System%20Project%20CMS/images/sqli.png" + }, + { + "url": "https://vuldb.com/?id.210839", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210839" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3505.json b/2022/3xxx/CVE-2022-3505.json new file mode 100644 index 00000000000..a6b9b34c374 --- /dev/null +++ b/2022/3xxx/CVE-2022-3505.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3505", + "TITLE": "SourceCodester Sanitization Management System cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Sanitization Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Sanitization%20Management%20System%20Project%20CMS/images/reflectedXSS.png", + "refsource": "MISC", + "name": "https://github.com/Drun1baby/CVE_Pentest/blob/main/Sanitization%20Management%20System%20Project%20CMS/images/reflectedXSS.png" + }, + { + "url": "https://vuldb.com/?id.210840", + "refsource": "MISC", + "name": "https://vuldb.com/?id.210840" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3506.json b/2022/3xxx/CVE-2022-3506.json new file mode 100644 index 00000000000..cf56ec7a20a --- /dev/null +++ b/2022/3xxx/CVE-2022-3506.json @@ -0,0 +1,89 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-3506", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in barrykooij/related-posts-for-wp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "barrykooij/related-posts-for-wp", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.1.3" + } + ] + } + } + ] + }, + "vendor_name": "barrykooij" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828" + }, + { + "name": "https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81", + "refsource": "MISC", + "url": "https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81" + } + ] + }, + "source": { + "advisory": "08251542-88f6-4264-9074-a89984034828", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3507.json b/2022/3xxx/CVE-2022-3507.json new file mode 100644 index 00000000000..9bf479900e7 --- /dev/null +++ b/2022/3xxx/CVE-2022-3507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3508.json b/2022/3xxx/CVE-2022-3508.json new file mode 100644 index 00000000000..fa7a92a71d0 --- /dev/null +++ b/2022/3xxx/CVE-2022-3508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3509.json b/2022/3xxx/CVE-2022-3509.json new file mode 100644 index 00000000000..d532ac0267f --- /dev/null +++ b/2022/3xxx/CVE-2022-3509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3510.json b/2022/3xxx/CVE-2022-3510.json new file mode 100644 index 00000000000..8957adacdd5 --- /dev/null +++ b/2022/3xxx/CVE-2022-3510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3511.json b/2022/3xxx/CVE-2022-3511.json new file mode 100644 index 00000000000..1d1275ca05f --- /dev/null +++ b/2022/3xxx/CVE-2022-3511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3512.json b/2022/3xxx/CVE-2022-3512.json new file mode 100644 index 00000000000..7d5415a81df --- /dev/null +++ b/2022/3xxx/CVE-2022-3512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3513.json b/2022/3xxx/CVE-2022-3513.json new file mode 100644 index 00000000000..333f368578b --- /dev/null +++ b/2022/3xxx/CVE-2022-3513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3514.json b/2022/3xxx/CVE-2022-3514.json new file mode 100644 index 00000000000..3a7f15c03ef --- /dev/null +++ b/2022/3xxx/CVE-2022-3514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3515.json b/2022/3xxx/CVE-2022-3515.json new file mode 100644 index 00000000000..831ff367832 --- /dev/null +++ b/2022/3xxx/CVE-2022-3515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3516.json b/2022/3xxx/CVE-2022-3516.json new file mode 100644 index 00000000000..44211514a40 --- /dev/null +++ b/2022/3xxx/CVE-2022-3516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3517.json b/2022/3xxx/CVE-2022-3517.json new file mode 100644 index 00000000000..46eef4c1ed5 --- /dev/null +++ b/2022/3xxx/CVE-2022-3517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3518.json b/2022/3xxx/CVE-2022-3518.json new file mode 100644 index 00000000000..c8877b47fe4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3518.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3518", + "TITLE": "SourceCodester Sanitization Management System User Creation cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Sanitization Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.211014", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211014" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3519.json b/2022/3xxx/CVE-2022-3519.json new file mode 100644 index 00000000000..8d956b37422 --- /dev/null +++ b/2022/3xxx/CVE-2022-3519.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3519", + "TITLE": "SourceCodester Sanitization Management System Quote Requests Tab cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Sanitization Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.211015", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211015" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3520.json b/2022/3xxx/CVE-2022-3520.json new file mode 100644 index 00000000000..947fdab855c --- /dev/null +++ b/2022/3xxx/CVE-2022-3520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3521.json b/2022/3xxx/CVE-2022-3521.json new file mode 100644 index 00000000000..4a7755e05dd --- /dev/null +++ b/2022/3xxx/CVE-2022-3521.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3521", + "TITLE": "Linux Kernel kcm kcmsock.c kcm_tx_work race condition", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.6", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c" + }, + { + "url": "https://vuldb.com/?id.211018", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211018" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3522.json b/2022/3xxx/CVE-2022-3522.json new file mode 100644 index 00000000000..e7208d3b559 --- /dev/null +++ b/2022/3xxx/CVE-2022-3522.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3522", + "TITLE": "Linux Kernel hugetlb.c hugetlb_no_page race condition", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9bf6c03eca1077cae8de0e6d86427656fa42a9b", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9bf6c03eca1077cae8de0e6d86427656fa42a9b" + }, + { + "url": "https://vuldb.com/?id.211019", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211019" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3523.json b/2022/3xxx/CVE-2022-3523.json new file mode 100644 index 00000000000..8f45a3effd6 --- /dev/null +++ b/2022/3xxx/CVE-2022-3523.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3523", + "TITLE": "Linux Kernel Driver memory.c use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33" + }, + { + "url": "https://vuldb.com/?id.211020", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211020" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3524.json b/2022/3xxx/CVE-2022-3524.json new file mode 100644 index 00000000000..74603c97379 --- /dev/null +++ b/2022/3xxx/CVE-2022-3524.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3524", + "TITLE": "Linux Kernel IPv6 ipv6_renew_options memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11" + }, + { + "url": "https://vuldb.com/?id.211021", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211021" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3525.json b/2022/3xxx/CVE-2022-3525.json new file mode 100644 index 00000000000..415cdcebb19 --- /dev/null +++ b/2022/3xxx/CVE-2022-3525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3526.json b/2022/3xxx/CVE-2022-3526.json new file mode 100644 index 00000000000..0f005580679 --- /dev/null +++ b/2022/3xxx/CVE-2022-3526.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3526", + "TITLE": "Linux Kernel skb macvlan.c macvlan_handle_frame memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442" + }, + { + "url": "https://vuldb.com/?id.211024", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211024" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3527.json b/2022/3xxx/CVE-2022-3527.json new file mode 100644 index 00000000000..795051202e7 --- /dev/null +++ b/2022/3xxx/CVE-2022-3527.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3527", + "TITLE": "Linux Kernel iproute2 ipneigh.c ipneigh_get memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=c5433c4b7a57d380f4cb351316f5ba5ebae9538e", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=c5433c4b7a57d380f4cb351316f5ba5ebae9538e" + }, + { + "url": "https://vuldb.com/?id.211025", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211025" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3528.json b/2022/3xxx/CVE-2022-3528.json new file mode 100644 index 00000000000..388026a59e7 --- /dev/null +++ b/2022/3xxx/CVE-2022-3528.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3528", + "TITLE": "Linux Kernel iproute2 ipmptcp.c mptcp_addr_show memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=afdbb0204a5872f1f76058a0db5a529b1f0c8de7", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=afdbb0204a5872f1f76058a0db5a529b1f0c8de7" + }, + { + "url": "https://vuldb.com/?id.211026", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211026" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3529.json b/2022/3xxx/CVE-2022-3529.json new file mode 100644 index 00000000000..d2a120cfa10 --- /dev/null +++ b/2022/3xxx/CVE-2022-3529.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3529", + "TITLE": "Linux Kernel iproute2 fdb.c fdb_get memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=6db01afd60748afbba114be2773be338c5be28ff", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=6db01afd60748afbba114be2773be338c5be28ff" + }, + { + "url": "https://vuldb.com/?id.211027", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211027" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3530.json b/2022/3xxx/CVE-2022-3530.json new file mode 100644 index 00000000000..7130478df9b --- /dev/null +++ b/2022/3xxx/CVE-2022-3530.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3530", + "TITLE": "Linux Kernel iproute2 ipaddress.c ipaddr_link_get memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get of the file ip/ipaddress.c of the component iproute2. The manipulation leads to memory leak. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211028." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1d540336b026ed5bfe10eefac383db7f434d842f", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1d540336b026ed5bfe10eefac383db7f434d842f" + }, + { + "url": "https://vuldb.com/?id.211028", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211028" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3531.json b/2022/3xxx/CVE-2022-3531.json new file mode 100644 index 00000000000..95bef7bd07b --- /dev/null +++ b/2022/3xxx/CVE-2022-3531.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3531", + "TITLE": "Linux Kernel BPF kprobe_multi_test.c get_syms memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function get_syms of the file tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211029 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca" + }, + { + "url": "https://vuldb.com/?id.211029", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211029" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3532.json b/2022/3xxx/CVE-2022-3532.json new file mode 100644 index 00000000000..53168e623c4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3532.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3532", + "TITLE": "Linux Kernel BPF test_fentry memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function test_map_kptr_success/test_fentry of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211030 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6e8280b958c5d7edc514cf347a800b23b7732b2b", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6e8280b958c5d7edc514cf347a800b23b7732b2b" + }, + { + "url": "https://vuldb.com/?id.211030", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211030" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3533.json b/2022/3xxx/CVE-2022-3533.json new file mode 100644 index 00000000000..825a1f527cb --- /dev/null +++ b/2022/3xxx/CVE-2022-3533.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3533", + "TITLE": "Linux Kernel BPF usdt.c parse_usdt_arg memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0dc9254e03704c75f2ebc9cbef2ce4de83fba603", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0dc9254e03704c75f2ebc9cbef2ce4de83fba603" + }, + { + "url": "https://vuldb.com/?id.211031", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211031" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3534.json b/2022/3xxx/CVE-2022-3534.json new file mode 100644 index 00000000000..88733a406f0 --- /dev/null +++ b/2022/3xxx/CVE-2022-3534.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3534", + "TITLE": "Linux Kernel libbpf btf_dump.c btf_dump_name_dups use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93c660ca40b5d2f7c1b1626e955a8e9fa30e0749", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93c660ca40b5d2f7c1b1626e955a8e9fa30e0749" + }, + { + "url": "https://vuldb.com/?id.211032", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211032" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3535.json b/2022/3xxx/CVE-2022-3535.json new file mode 100644 index 00000000000..3fc0fc23dc7 --- /dev/null +++ b/2022/3xxx/CVE-2022-3535.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3535", + "TITLE": "Linux Kernel mvpp2 mvpp2_debugfs.c mvpp2_dbgfs_port_init memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0152dfee235e87660f52a117fc9f70dc55956bb4", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0152dfee235e87660f52a117fc9f70dc55956bb4" + }, + { + "url": "https://vuldb.com/?id.211033", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211033" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3536.json b/2022/3xxx/CVE-2022-3536.json new file mode 100644 index 00000000000..bba9f73d8d0 --- /dev/null +++ b/2022/3xxx/CVE-2022-3536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3537.json b/2022/3xxx/CVE-2022-3537.json new file mode 100644 index 00000000000..9db01da140b --- /dev/null +++ b/2022/3xxx/CVE-2022-3537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3538.json b/2022/3xxx/CVE-2022-3538.json new file mode 100644 index 00000000000..12bb55180e6 --- /dev/null +++ b/2022/3xxx/CVE-2022-3538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3539.json b/2022/3xxx/CVE-2022-3539.json new file mode 100644 index 00000000000..ed4647db75e --- /dev/null +++ b/2022/3xxx/CVE-2022-3539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3540.json b/2022/3xxx/CVE-2022-3540.json new file mode 100644 index 00000000000..1c87efd3be2 --- /dev/null +++ b/2022/3xxx/CVE-2022-3540.json @@ -0,0 +1,89 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3540", + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The hunter2 Contributors", + "product": { + "product_data": [ + { + "product_name": "hunter2", + "version": { + "version_data": [ + { + "version_value": "<2.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in hunter2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/hunter2.app/hunter2/-/issues/529", + "url": "https://gitlab.com/hunter2.app/hunter2/-/issues/529", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3540.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3540.json", + "refsource": "CONFIRM" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Richard Connon " + } + ] +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3541.json b/2022/3xxx/CVE-2022-3541.json new file mode 100644 index 00000000000..eb01b1e5dd9 --- /dev/null +++ b/2022/3xxx/CVE-2022-3541.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3541", + "TITLE": "Linux Kernel BPF spl2sw_driver.c spl2sw_nvmem_get_mac_address use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=12aece8b01507a2d357a1861f470e83621fbb6f2", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=12aece8b01507a2d357a1861f470e83621fbb6f2" + }, + { + "url": "https://vuldb.com/?id.211041", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211041" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3542.json b/2022/3xxx/CVE-2022-3542.json new file mode 100644 index 00000000000..2802bda4f5f --- /dev/null +++ b/2022/3xxx/CVE-2022-3542.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3542", + "TITLE": "Linux Kernel BPF bnx2x_cmn.c bnx2x_tpa_stop memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=b43f9acbb8942b05252be83ac25a81cec70cc192", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=b43f9acbb8942b05252be83ac25a81cec70cc192" + }, + { + "url": "https://vuldb.com/?id.211042", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211042" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3543.json b/2022/3xxx/CVE-2022-3543.json new file mode 100644 index 00000000000..92bd2a4d407 --- /dev/null +++ b/2022/3xxx/CVE-2022-3543.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3543", + "TITLE": "Linux Kernel BPF af_unix.c unix_release_sock memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=7a62ed61367b8fd01bae1e18e30602c25060d824", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=7a62ed61367b8fd01bae1e18e30602c25060d824" + }, + { + "url": "https://vuldb.com/?id.211043", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211043" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3544.json b/2022/3xxx/CVE-2022-3544.json new file mode 100644 index 00000000000..d077994b507 --- /dev/null +++ b/2022/3xxx/CVE-2022-3544.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3544", + "TITLE": "Linux Kernel Netfilter sysfs.c damon_sysfs_add_target memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=1c8e2349f2d033f634d046063b704b2ca6c46972", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=1c8e2349f2d033f634d046063b704b2ca6c46972" + }, + { + "url": "https://vuldb.com/?id.211044", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211044" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3545.json b/2022/3xxx/CVE-2022-3545.json new file mode 100644 index 00000000000..1650b3fcf84 --- /dev/null +++ b/2022/3xxx/CVE-2022-3545.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3545", + "TITLE": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" + }, + { + "url": "https://vuldb.com/?id.211045", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211045" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3546.json b/2022/3xxx/CVE-2022-3546.json new file mode 100644 index 00000000000..97e4e53e485 --- /dev/null +++ b/2022/3xxx/CVE-2022-3546.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3546", + "TITLE": "SourceCodester Simple Cold Storage Management System Create User cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Cold Storage Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/thehackingverse/Stored-xss-/blob/main/Poc", + "refsource": "MISC", + "name": "https://github.com/thehackingverse/Stored-xss-/blob/main/Poc" + }, + { + "url": "https://vuldb.com/?id.211046", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211046" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3547.json b/2022/3xxx/CVE-2022-3547.json new file mode 100644 index 00000000000..11b6402ec90 --- /dev/null +++ b/2022/3xxx/CVE-2022-3547.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3547", + "TITLE": "SourceCodester Simple Cold Storage Management System Setting cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Cold Storage Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lakshaya0557/POCs/blob/main/POC", + "refsource": "MISC", + "name": "https://github.com/lakshaya0557/POCs/blob/main/POC" + }, + { + "url": "https://vuldb.com/?id.211047", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211047" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3548.json b/2022/3xxx/CVE-2022-3548.json new file mode 100644 index 00000000000..d7596e36a01 --- /dev/null +++ b/2022/3xxx/CVE-2022-3548.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3548", + "TITLE": "SourceCodester Simple Cold Storage Management System Add New Storage cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Cold Storage Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Ramansh123454/POCs/blob/main/POC", + "refsource": "MISC", + "name": "https://github.com/Ramansh123454/POCs/blob/main/POC" + }, + { + "url": "https://vuldb.com/?id.211048", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211048" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3549.json b/2022/3xxx/CVE-2022-3549.json new file mode 100644 index 00000000000..a4a33be81a2 --- /dev/null +++ b/2022/3xxx/CVE-2022-3549.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3549", + "TITLE": "SourceCodester Simple Cold Storage Management System Avatar unrestricted upload", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Cold Storage Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266 Incorrect Privilege Assignment -> CWE-284 Improper Access Controls -> CWE-434 Unrestricted Upload" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Ramansh123454/POCs/blob/main/CSMS_RCE", + "refsource": "MISC", + "name": "https://github.com/Ramansh123454/POCs/blob/main/CSMS_RCE" + }, + { + "url": "https://vuldb.com/?id.211049", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211049" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3550.json b/2022/3xxx/CVE-2022-3550.json new file mode 100644 index 00000000000..56a03b2a73e --- /dev/null +++ b/2022/3xxx/CVE-2022-3550.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3550", + "TITLE": "X.org Server xkb.c _GetCountedString buffer overflow", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "X.org", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e" + }, + { + "url": "https://vuldb.com/?id.211051", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211051" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3551.json b/2022/3xxx/CVE-2022-3551.json new file mode 100644 index 00000000000..ddcb9a1c402 --- /dev/null +++ b/2022/3xxx/CVE-2022-3551.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3551", + "TITLE": "X.org Server xkb.c ProcXkbGetKbdByName memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "X.org", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2" + }, + { + "url": "https://vuldb.com/?id.211052", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211052" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3552.json b/2022/3xxx/CVE-2022-3552.json new file mode 100644 index 00000000000..80a91fe342b --- /dev/null +++ b/2022/3xxx/CVE-2022-3552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3553.json b/2022/3xxx/CVE-2022-3553.json new file mode 100644 index 00000000000..1aa09fec2d4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3553.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3553", + "TITLE": "X.org Server xquartz X11Controller.m denial of service", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "X.org", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3" + }, + { + "url": "https://vuldb.com/?id.211053", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211053" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3554.json b/2022/3xxx/CVE-2022-3554.json new file mode 100644 index 00000000000..b0b1a3ce1e9 --- /dev/null +++ b/2022/3xxx/CVE-2022-3554.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3554", + "TITLE": "X.org libX11 imsClbk.c _XimRegisterIMInstantiateCallback memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "X.org", + "product": { + "product_data": [ + { + "product_name": "libX11", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1d11822601fd24a396b354fa616b04ed3df8b4ef", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1d11822601fd24a396b354fa616b04ed3df8b4ef" + }, + { + "url": "https://vuldb.com/?id.211054", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211054" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3555.json b/2022/3xxx/CVE-2022-3555.json new file mode 100644 index 00000000000..752375ad59a --- /dev/null +++ b/2022/3xxx/CVE-2022-3555.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3555", + "TITLE": "X.org libX11 xcb_disp.c _XFreeX11XCBStructure memory leak", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "X.org", + "product": { + "product_data": [ + { + "product_name": "libX11", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8a368d808fec166b5fb3dfe6312aab22c7ee20af", + "refsource": "MISC", + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8a368d808fec166b5fb3dfe6312aab22c7ee20af" + }, + { + "url": "https://vuldb.com/?id.211055", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211055" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3556.json b/2022/3xxx/CVE-2022-3556.json new file mode 100644 index 00000000000..6ce156e8232 --- /dev/null +++ b/2022/3xxx/CVE-2022-3556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3557.json b/2022/3xxx/CVE-2022-3557.json new file mode 100644 index 00000000000..102758f746e --- /dev/null +++ b/2022/3xxx/CVE-2022-3557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3558.json b/2022/3xxx/CVE-2022-3558.json new file mode 100644 index 00000000000..392a6dcd348 --- /dev/null +++ b/2022/3xxx/CVE-2022-3558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3559.json b/2022/3xxx/CVE-2022-3559.json new file mode 100644 index 00000000000..c21c90fd268 --- /dev/null +++ b/2022/3xxx/CVE-2022-3559.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3559", + "TITLE": "Exim Regex use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Exim", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Exim and classified as critical. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2", + "refsource": "MISC", + "name": "https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2" + }, + { + "url": "https://vuldb.com/?id.211073", + "refsource": "MISC", + "name": "https://vuldb.com/?id.211073" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3560.json b/2022/3xxx/CVE-2022-3560.json new file mode 100644 index 00000000000..0e8d0e40ffb --- /dev/null +++ b/2022/3xxx/CVE-2022-3560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3561.json b/2022/3xxx/CVE-2022-3561.json new file mode 100644 index 00000000000..709bff227cd --- /dev/null +++ b/2022/3xxx/CVE-2022-3561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3562.json b/2022/3xxx/CVE-2022-3562.json new file mode 100644 index 00000000000..575f4dc44eb --- /dev/null +++ b/2022/3xxx/CVE-2022-3562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3563.json b/2022/3xxx/CVE-2022-3563.json new file mode 100644 index 00000000000..03aede7ef5b --- /dev/null +++ b/2022/3xxx/CVE-2022-3563.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3563", + "TITLE": "Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-476 NULL Pointer Dereference" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools\/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/bluez.git\/commit\/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e" + }, + { + "url": "https:\/\/vuldb.com\/?id.211086" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3564.json b/2022/3xxx/CVE-2022-3564.json new file mode 100644 index 00000000000..360fa85f429 --- /dev/null +++ b/2022/3xxx/CVE-2022-3564.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3564", + "TITLE": "Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net\/bluetooth\/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/bluetooth\/bluetooth-next.git\/commit\/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1" + }, + { + "url": "https:\/\/vuldb.com\/?id.211087" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3565.json b/2022/3xxx/CVE-2022-3565.json new file mode 100644 index 00000000000..d2b05ada098 --- /dev/null +++ b/2022/3xxx/CVE-2022-3565.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3565", + "TITLE": "Linux Kernel Bluetooth l1oip_core.c del_timer use after free", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-416 Use After Free" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers\/isdn\/mISDN\/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/bluetooth\/bluetooth-next.git\/commit\/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f" + }, + { + "url": "https:\/\/vuldb.com\/?id.211088" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3566.json b/2022/3xxx/CVE-2022-3566.json new file mode 100644 index 00000000000..da02b5e5164 --- /dev/null +++ b/2022/3xxx/CVE-2022-3566.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3566", + "TITLE": "Linux Kernel TCP tcp_setsockopt race condition", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt\/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57" + }, + { + "url": "https:\/\/vuldb.com\/?id.211089" + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3567.json b/2022/3xxx/CVE-2022-3567.json new file mode 100644 index 00000000000..074306fedd4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3567.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3567", + "TITLE": "Linux Kernel IPv6 inet6_dgram_ops race condition", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops\/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6" + }, + { + "url": "https:\/\/vuldb.com\/?id.211090" + } + ] + } +} \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40055.json b/2022/40xxx/CVE-2022-40055.json index 399a9734da4..c7183d343e2 100644 --- a/2022/40xxx/CVE-2022-40055.json +++ b/2022/40xxx/CVE-2022-40055.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40055", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40055", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://gpon.com", + "refsource": "MISC", + "name": "http://gpon.com" + }, + { + "url": "http://gx.com", + "refsource": "MISC", + "name": "http://gx.com" + }, + { + "refsource": "MISC", + "name": "https://blog.alphathreat.in/index.php?post/2022/10/01/Achieving-CVE-2022-40055", + "url": "https://blog.alphathreat.in/index.php?post/2022/10/01/Achieving-CVE-2022-40055" } ] } diff --git a/2022/40xxx/CVE-2022-40187.json b/2022/40xxx/CVE-2022-40187.json index 30970e8329a..5099139d6c5 100644 --- a/2022/40xxx/CVE-2022-40187.json +++ b/2022/40xxx/CVE-2022-40187.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40187", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40187", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.eclipse.org/TCF", + "refsource": "MISC", + "name": "https://wiki.eclipse.org/TCF" + }, + { + "url": "https://www.foresightsports.com/gc3", + "refsource": "MISC", + "name": "https://www.foresightsports.com/gc3" + }, + { + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md", + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md" + }, + { + "refsource": "MISC", + "name": "https://www.bushnellgolf.com/products/launch-monitors/launch-pro/", + "url": "https://www.bushnellgolf.com/products/launch-monitors/launch-pro/" } ] } diff --git a/2022/40xxx/CVE-2022-40664.json b/2022/40xxx/CVE-2022-40664.json index 11e898836b6..54d7ff7376d 100644 --- a/2022/40xxx/CVE-2022-40664.json +++ b/2022/40xxx/CVE-2022-40664.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/1" } ] }, diff --git a/2022/40xxx/CVE-2022-40674.json b/2022/40xxx/CVE-2022-40674.json index a1516e2565a..9d7c65315ed 100644 --- a/2022/40xxx/CVE-2022-40674.json +++ b/2022/40xxx/CVE-2022-40674.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-15ec504440", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c68d90efc3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/" } ] } diff --git a/2022/40xxx/CVE-2022-40768.json b/2022/40xxx/CVE-2022-40768.json index 9a99004738b..3d73583e306 100644 --- a/2022/40xxx/CVE-2022-40768.json +++ b/2022/40xxx/CVE-2022-40768.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[oss-security] 20220919 Re: Linux kernel: information disclosure in stex_queuecommand_lck", "url": "http://www.openwall.com/lists/oss-security/2022/09/19/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/41xxx/CVE-2022-41166.json b/2022/41xxx/CVE-2022-41166.json index 8c143c64538..3c7c26b05ea 100644 --- a/2022/41xxx/CVE-2022-41166.json +++ b/2022/41xxx/CVE-2022-41166.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41167.json b/2022/41xxx/CVE-2022-41167.json index 9142b9f89c5..fa3fcf80464 100644 --- a/2022/41xxx/CVE-2022-41167.json +++ b/2022/41xxx/CVE-2022-41167.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41168.json b/2022/41xxx/CVE-2022-41168.json index 180a90272d8..2f8082c0b4f 100644 --- a/2022/41xxx/CVE-2022-41168.json +++ b/2022/41xxx/CVE-2022-41168.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41169.json b/2022/41xxx/CVE-2022-41169.json index e3b41024c48..29921cb4908 100644 --- a/2022/41xxx/CVE-2022-41169.json +++ b/2022/41xxx/CVE-2022-41169.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41170.json b/2022/41xxx/CVE-2022-41170.json index a25eadda022..7890c0e4c94 100644 --- a/2022/41xxx/CVE-2022-41170.json +++ b/2022/41xxx/CVE-2022-41170.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41171.json b/2022/41xxx/CVE-2022-41171.json index 1d5cd6dbd1c..32ff7f05dbb 100644 --- a/2022/41xxx/CVE-2022-41171.json +++ b/2022/41xxx/CVE-2022-41171.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41172.json b/2022/41xxx/CVE-2022-41172.json index 17c39c022c1..bf52bb290e6 100644 --- a/2022/41xxx/CVE-2022-41172.json +++ b/2022/41xxx/CVE-2022-41172.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41173.json b/2022/41xxx/CVE-2022-41173.json index 8f7363f100a..9e01ed26b45 100644 --- a/2022/41xxx/CVE-2022-41173.json +++ b/2022/41xxx/CVE-2022-41173.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41174.json b/2022/41xxx/CVE-2022-41174.json index 680956fc797..91ae93253ac 100644 --- a/2022/41xxx/CVE-2022-41174.json +++ b/2022/41xxx/CVE-2022-41174.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41175.json b/2022/41xxx/CVE-2022-41175.json index 8cfb4758754..065e8fc8a90 100644 --- a/2022/41xxx/CVE-2022-41175.json +++ b/2022/41xxx/CVE-2022-41175.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41176.json b/2022/41xxx/CVE-2022-41176.json index 8e2aea7f4f6..7cb9afb685d 100644 --- a/2022/41xxx/CVE-2022-41176.json +++ b/2022/41xxx/CVE-2022-41176.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41177.json b/2022/41xxx/CVE-2022-41177.json index b551492ab2e..4be2aaaae5a 100644 --- a/2022/41xxx/CVE-2022-41177.json +++ b/2022/41xxx/CVE-2022-41177.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41178.json b/2022/41xxx/CVE-2022-41178.json index a23a7307608..acab8a200ff 100644 --- a/2022/41xxx/CVE-2022-41178.json +++ b/2022/41xxx/CVE-2022-41178.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41179.json b/2022/41xxx/CVE-2022-41179.json index e869e04a996..1e41c50d47b 100644 --- a/2022/41xxx/CVE-2022-41179.json +++ b/2022/41xxx/CVE-2022-41179.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41180.json b/2022/41xxx/CVE-2022-41180.json index a7473656532..f4c931ac7c8 100644 --- a/2022/41xxx/CVE-2022-41180.json +++ b/2022/41xxx/CVE-2022-41180.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41181.json b/2022/41xxx/CVE-2022-41181.json index 9c11e8c6bbd..cb118405bb8 100644 --- a/2022/41xxx/CVE-2022-41181.json +++ b/2022/41xxx/CVE-2022-41181.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41182.json b/2022/41xxx/CVE-2022-41182.json index cf786648258..506dc5e7e70 100644 --- a/2022/41xxx/CVE-2022-41182.json +++ b/2022/41xxx/CVE-2022-41182.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41183.json b/2022/41xxx/CVE-2022-41183.json index 77cc4901fdc..0b6cbd667bc 100644 --- a/2022/41xxx/CVE-2022-41183.json +++ b/2022/41xxx/CVE-2022-41183.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41184.json b/2022/41xxx/CVE-2022-41184.json index 8a9aec5bc78..d5863680b3e 100644 --- a/2022/41xxx/CVE-2022-41184.json +++ b/2022/41xxx/CVE-2022-41184.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41185.json b/2022/41xxx/CVE-2022-41185.json index 80d8bc5da64..5cf1c236959 100644 --- a/2022/41xxx/CVE-2022-41185.json +++ b/2022/41xxx/CVE-2022-41185.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41186.json b/2022/41xxx/CVE-2022-41186.json index 5ef56b6e2c0..3c4e348fd48 100644 --- a/2022/41xxx/CVE-2022-41186.json +++ b/2022/41xxx/CVE-2022-41186.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41187.json b/2022/41xxx/CVE-2022-41187.json index a28f83f9710..77381285bf0 100644 --- a/2022/41xxx/CVE-2022-41187.json +++ b/2022/41xxx/CVE-2022-41187.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41188.json b/2022/41xxx/CVE-2022-41188.json index 45177c1c1d1..5d3ec2c3fa1 100644 --- a/2022/41xxx/CVE-2022-41188.json +++ b/2022/41xxx/CVE-2022-41188.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41189.json b/2022/41xxx/CVE-2022-41189.json index 6722da3c386..6d876cfbc16 100644 --- a/2022/41xxx/CVE-2022-41189.json +++ b/2022/41xxx/CVE-2022-41189.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41190.json b/2022/41xxx/CVE-2022-41190.json index 8be966439b0..6b9044bbc79 100644 --- a/2022/41xxx/CVE-2022-41190.json +++ b/2022/41xxx/CVE-2022-41190.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41191.json b/2022/41xxx/CVE-2022-41191.json index 6b1e03cbc6f..984b8f60900 100644 --- a/2022/41xxx/CVE-2022-41191.json +++ b/2022/41xxx/CVE-2022-41191.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41192.json b/2022/41xxx/CVE-2022-41192.json index 510cbf2cd0e..e97e647319c 100644 --- a/2022/41xxx/CVE-2022-41192.json +++ b/2022/41xxx/CVE-2022-41192.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41193.json b/2022/41xxx/CVE-2022-41193.json index 69ce0bef14a..2ce2c625835 100644 --- a/2022/41xxx/CVE-2022-41193.json +++ b/2022/41xxx/CVE-2022-41193.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41194.json b/2022/41xxx/CVE-2022-41194.json index 792c2d1dd61..3066999cbfd 100644 --- a/2022/41xxx/CVE-2022-41194.json +++ b/2022/41xxx/CVE-2022-41194.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41195.json b/2022/41xxx/CVE-2022-41195.json index accdbcc3f57..e56b433c103 100644 --- a/2022/41xxx/CVE-2022-41195.json +++ b/2022/41xxx/CVE-2022-41195.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41196.json b/2022/41xxx/CVE-2022-41196.json index a87e7c99a28..0ce619242f1 100644 --- a/2022/41xxx/CVE-2022-41196.json +++ b/2022/41xxx/CVE-2022-41196.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41197.json b/2022/41xxx/CVE-2022-41197.json index 812aebec9eb..a5fbfda6795 100644 --- a/2022/41xxx/CVE-2022-41197.json +++ b/2022/41xxx/CVE-2022-41197.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41198.json b/2022/41xxx/CVE-2022-41198.json index 0b7f8cd5fa4..ff1ea9cbbe9 100644 --- a/2022/41xxx/CVE-2022-41198.json +++ b/2022/41xxx/CVE-2022-41198.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41199.json b/2022/41xxx/CVE-2022-41199.json index 852fc6ab030..21a4dfa06a1 100644 --- a/2022/41xxx/CVE-2022-41199.json +++ b/2022/41xxx/CVE-2022-41199.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41200.json b/2022/41xxx/CVE-2022-41200.json index a68ec82ba00..3743c1e4c07 100644 --- a/2022/41xxx/CVE-2022-41200.json +++ b/2022/41xxx/CVE-2022-41200.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41201.json b/2022/41xxx/CVE-2022-41201.json index c92e505d38e..05b2ef24992 100644 --- a/2022/41xxx/CVE-2022-41201.json +++ b/2022/41xxx/CVE-2022-41201.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41202.json b/2022/41xxx/CVE-2022-41202.json index 2f220141639..39d9c4a803e 100644 --- a/2022/41xxx/CVE-2022-41202.json +++ b/2022/41xxx/CVE-2022-41202.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "9" } ] diff --git a/2022/41xxx/CVE-2022-41204.json b/2022/41xxx/CVE-2022-41204.json index d3cc15f8536..68db92c8a2a 100644 --- a/2022/41xxx/CVE-2022-41204.json +++ b/2022/41xxx/CVE-2022-41204.json @@ -19,23 +19,23 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "1905" }, { - "version_name": "<", + "version_affected": "=", "version_value": "2005" }, { - "version_name": "<", + "version_affected": "=", "version_value": "2105" }, { - "version_name": "<", + "version_affected": "=", "version_value": "2011" }, { - "version_name": "<", + "version_affected": "=", "version_value": "2205" } ] diff --git a/2022/41xxx/CVE-2022-41206.json b/2022/41xxx/CVE-2022-41206.json index 09f291baa9a..654f2536c0a 100644 --- a/2022/41xxx/CVE-2022-41206.json +++ b/2022/41xxx/CVE-2022-41206.json @@ -19,11 +19,11 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "420" }, { - "version_name": "<", + "version_affected": "=", "version_value": "430" } ] diff --git a/2022/41xxx/CVE-2022-41209.json b/2022/41xxx/CVE-2022-41209.json index 8ed3266979f..965366d652d 100644 --- a/2022/41xxx/CVE-2022-41209.json +++ b/2022/41xxx/CVE-2022-41209.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "7.4" } ] diff --git a/2022/41xxx/CVE-2022-41210.json b/2022/41xxx/CVE-2022-41210.json index 70505f2156b..4fb19a86fe4 100644 --- a/2022/41xxx/CVE-2022-41210.json +++ b/2022/41xxx/CVE-2022-41210.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_name": "<", + "version_affected": "=", "version_value": "7.4" } ] diff --git a/2022/41xxx/CVE-2022-41301.json b/2022/41xxx/CVE-2022-41301.json index 4a37dd38df1..4275e023d09 100644 --- a/2022/41xxx/CVE-2022-41301.json +++ b/2022/41xxx/CVE-2022-41301.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." + "value": "A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41302.json b/2022/41xxx/CVE-2022-41302.json index 0f9cb0ec7bd..c8b5ed8b260 100644 --- a/2022/41xxx/CVE-2022-41302.json +++ b/2022/41xxx/CVE-2022-41302.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FBX SDK", + "version": { + "version_data": [ + { + "version_value": "2020.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-Of-Bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41303.json b/2022/41xxx/CVE-2022-41303.json index 1f0c8d1fb6d..e45da40f216 100644 --- a/2022/41xxx/CVE-2022-41303.json +++ b/2022/41xxx/CVE-2022-41303.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FBX SDK", + "version": { + "version_data": [ + { + "version_value": "2020.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-Of-Bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system." } ] } diff --git a/2022/41xxx/CVE-2022-41304.json b/2022/41xxx/CVE-2022-41304.json index dd15833d3c9..fee011a9e0e 100644 --- a/2022/41xxx/CVE-2022-41304.json +++ b/2022/41xxx/CVE-2022-41304.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FBX SDK", + "version": { + "version_data": [ + { + "version_value": "2020.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure." } ] } diff --git a/2022/41xxx/CVE-2022-41305.json b/2022/41xxx/CVE-2022-41305.json index 90ceb9f4054..e6626690799 100644 --- a/2022/41xxx/CVE-2022-41305.json +++ b/2022/41xxx/CVE-2022-41305.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Subassembly Composer", + "version": { + "version_data": [ + { + "version_value": "2023, 2022, 2021, 2020" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0019", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0019" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41306.json b/2022/41xxx/CVE-2022-41306.json index eb3f21020dd..bfccfb259d2 100644 --- a/2022/41xxx/CVE-2022-41306.json +++ b/2022/41xxx/CVE-2022-41306.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk\u00ae Design Review", + "version": { + "version_data": [ + { + "version_value": "2018" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41307.json b/2022/41xxx/CVE-2022-41307.json index db0ce369b56..26661ba1c75 100644 --- a/2022/41xxx/CVE-2022-41307.json +++ b/2022/41xxx/CVE-2022-41307.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Subassembly Composer", + "version": { + "version_data": [ + { + "version_value": "2023, 2022, 2021, 2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41308.json b/2022/41xxx/CVE-2022-41308.json index 9fc1888c484..f8ccc136974 100644 --- a/2022/41xxx/CVE-2022-41308.json +++ b/2022/41xxx/CVE-2022-41308.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Subassembly Composer", + "version": { + "version_data": [ + { + "version_value": "2023, 2022, 2021, 2022" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/41xxx/CVE-2022-41323.json b/2022/41xxx/CVE-2022-41323.json index 77c862fb335..12cfa7501c3 100644 --- a/2022/41xxx/CVE-2022-41323.json +++ b/2022/41xxx/CVE-2022-41323.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/forum/#!forum/django-announce", + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!forum/django-announce" + }, + { + "url": "https://docs.djangoproject.com/en/4.0/releases/security/", + "refsource": "MISC", + "name": "https://docs.djangoproject.com/en/4.0/releases/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.djangoproject.com/weblog/2022/oct/04/security-releases/", + "url": "https://www.djangoproject.com/weblog/2022/oct/04/security-releases/" + }, + { + "refsource": "MISC", + "name": "https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924", + "url": "https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924" } ] } diff --git a/2022/41xxx/CVE-2022-41390.json b/2022/41xxx/CVE-2022-41390.json index fd96d3daea1..f113d0d2609 100644 --- a/2022/41xxx/CVE-2022-41390.json +++ b/2022/41xxx/CVE-2022-41390.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41390", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41390", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88", + "url": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88" } ] } diff --git a/2022/41xxx/CVE-2022-41391.json b/2022/41xxx/CVE-2022-41391.json index 9486fd37afb..b782c54ad36 100644 --- a/2022/41xxx/CVE-2022-41391.json +++ b/2022/41xxx/CVE-2022-41391.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41391", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41391", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88", + "url": "https://gist.github.com/fgimenesp/a30dcc4fb7912334b6fb1b145a56ad88" } ] } diff --git a/2022/41xxx/CVE-2022-41416.json b/2022/41xxx/CVE-2022-41416.json index 1f6e48c050a..eef198d4fc7 100644 --- a/2022/41xxx/CVE-2022-41416.json +++ b/2022/41xxx/CVE-2022-41416.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41416", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41416", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ouoer/bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-1.md", + "url": "https://github.com/ouoer/bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41436.json b/2022/41xxx/CVE-2022-41436.json index 7b572b51e94..a8a16dd8c3f 100644 --- a/2022/41xxx/CVE-2022-41436.json +++ b/2022/41xxx/CVE-2022-41436.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NF-Security-Team/CVEs/blob/main/CVE-OXHOO/Readme.md", + "refsource": "MISC", + "name": "https://github.com/NF-Security-Team/CVEs/blob/main/CVE-OXHOO/Readme.md" } ] } diff --git a/2022/41xxx/CVE-2022-41471.json b/2022/41xxx/CVE-2022-41471.json index e9c686e5c1a..fec3525770a 100644 --- a/2022/41xxx/CVE-2022-41471.json +++ b/2022/41xxx/CVE-2022-41471.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41471", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41471", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xxhzz1/74cmsSE-Improper-permission-configuration-vulnerability/issues/1", + "refsource": "MISC", + "name": "https://github.com/xxhzz1/74cmsSE-Improper-permission-configuration-vulnerability/issues/1" } ] } diff --git a/2022/41xxx/CVE-2022-41472.json b/2022/41xxx/CVE-2022-41472.json index 215679fd177..3ee7b2b2a73 100644 --- a/2022/41xxx/CVE-2022-41472.json +++ b/2022/41xxx/CVE-2022-41472.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xxhzz1/74cmsSE-Storage-cross-site-scripting-vulnerability/issues/1", + "refsource": "MISC", + "name": "https://github.com/xxhzz1/74cmsSE-Storage-cross-site-scripting-vulnerability/issues/1" } ] } diff --git a/2022/41xxx/CVE-2022-41473.json b/2022/41xxx/CVE-2022-41473.json index a9716d2eaa5..854b4c5111c 100644 --- a/2022/41xxx/CVE-2022-41473.json +++ b/2022/41xxx/CVE-2022-41473.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41473", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41473", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ralap-z/rpcms/issues/1", + "refsource": "MISC", + "name": "https://github.com/ralap-z/rpcms/issues/1" } ] } diff --git a/2022/41xxx/CVE-2022-41474.json b/2022/41xxx/CVE-2022-41474.json index d3da3c37d05..b190dfe8147 100644 --- a/2022/41xxx/CVE-2022-41474.json +++ b/2022/41xxx/CVE-2022-41474.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41474", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41474", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ralap-z/rpcms/issues/3", + "refsource": "MISC", + "name": "https://github.com/ralap-z/rpcms/issues/3" } ] } diff --git a/2022/41xxx/CVE-2022-41475.json b/2022/41xxx/CVE-2022-41475.json index 62160308d71..83e75f6de5e 100644 --- a/2022/41xxx/CVE-2022-41475.json +++ b/2022/41xxx/CVE-2022-41475.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41475", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41475", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ralap-z/rpcms/issues/2", + "refsource": "MISC", + "name": "https://github.com/ralap-z/rpcms/issues/2" } ] } diff --git a/2022/41xxx/CVE-2022-41477.json b/2022/41xxx/CVE-2022-41477.json index 42bd728e659..f6820e34f6c 100644 --- a/2022/41xxx/CVE-2022-41477.json +++ b/2022/41xxx/CVE-2022-41477.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41477", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41477", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md", + "refsource": "MISC", + "name": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md" } ] } diff --git a/2022/41xxx/CVE-2022-41480.json b/2022/41xxx/CVE-2022-41480.json index c5b31bfff02..f342c339693 100644 --- a/2022/41xxx/CVE-2022-41480.json +++ b/2022/41xxx/CVE-2022-41480.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41480", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41480", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc%20-%20name.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc%20-%20name.md" } ] } diff --git a/2022/41xxx/CVE-2022-41481.json b/2022/41xxx/CVE-2022-41481.json index 65c3976f65d..aa7e5613956 100644 --- a/2022/41xxx/CVE-2022-41481.json +++ b/2022/41xxx/CVE-2022-41481.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41481", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41481", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47de1c.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47de1c.md" } ] } diff --git a/2022/41xxx/CVE-2022-41482.json b/2022/41xxx/CVE-2022-41482.json index 151e3795390..19394b855d0 100644 --- a/2022/41xxx/CVE-2022-41482.json +++ b/2022/41xxx/CVE-2022-41482.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41482", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41482", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc_value.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc_value.md" } ] } diff --git a/2022/41xxx/CVE-2022-41483.json b/2022/41xxx/CVE-2022-41483.json index 9843ac2ee6f..9ce5513bcc2 100644 --- a/2022/41xxx/CVE-2022-41483.json +++ b/2022/41xxx/CVE-2022-41483.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41483", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41483", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x4212cc.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x4212cc.md" } ] } diff --git a/2022/41xxx/CVE-2022-41484.json b/2022/41xxx/CVE-2022-41484.json index f9dbc7378a6..be64151cae6 100644 --- a/2022/41xxx/CVE-2022-41484.json +++ b/2022/41xxx/CVE-2022-41484.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tp-link.com/us/support/download/ap500/#Firmware", + "refsource": "MISC", + "name": "https://www.tp-link.com/us/support/download/ap500/#Firmware" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tplink-AC1900%20.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tplink-AC1900%20.md" } ] } diff --git a/2022/41xxx/CVE-2022-41485.json b/2022/41xxx/CVE-2022-41485.json index d4432ea3a27..5a2aea363ca 100644 --- a/2022/41xxx/CVE-2022-41485.json +++ b/2022/41xxx/CVE-2022-41485.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41485", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41485", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47ce00.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47ce00.md" } ] } diff --git a/2022/41xxx/CVE-2022-41489.json b/2022/41xxx/CVE-2022-41489.json index 2724ec322db..7255a4d8c25 100644 --- a/2022/41xxx/CVE-2022-41489.json +++ b/2022/41xxx/CVE-2022-41489.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41489", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41489", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/wayos/wayos_LQ-09%2022_enterprise-class/3_csrf.md", + "refsource": "MISC", + "name": "https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/wayos/wayos_LQ-09%2022_enterprise-class/3_csrf.md" } ] } diff --git a/2022/41xxx/CVE-2022-41495.json b/2022/41xxx/CVE-2022-41495.json index b39a3e44b2b..2dbfd2f209c 100644 --- a/2022/41xxx/CVE-2022-41495.json +++ b/2022/41xxx/CVE-2022-41495.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41495", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41495", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jayus0821/insight/blob/master/ClipperCMS%20SSRF2.md", + "refsource": "MISC", + "name": "https://github.com/jayus0821/insight/blob/master/ClipperCMS%20SSRF2.md" } ] } diff --git a/2022/41xxx/CVE-2022-41496.json b/2022/41xxx/CVE-2022-41496.json index ec1bbcc3b7d..574d6b2209b 100644 --- a/2022/41xxx/CVE-2022-41496.json +++ b/2022/41xxx/CVE-2022-41496.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41496", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41496", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jayus0821/insight/blob/master/iCMS%20SSRF.md", + "refsource": "MISC", + "name": "https://github.com/jayus0821/insight/blob/master/iCMS%20SSRF.md" } ] } diff --git a/2022/41xxx/CVE-2022-41497.json b/2022/41xxx/CVE-2022-41497.json index ef19d246ab9..647e46b9904 100644 --- a/2022/41xxx/CVE-2022-41497.json +++ b/2022/41xxx/CVE-2022-41497.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41497", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41497", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jayus0821/insight/blob/master/ClipperCMS%20SSRF.md", + "refsource": "MISC", + "name": "https://github.com/jayus0821/insight/blob/master/ClipperCMS%20SSRF.md" } ] } diff --git a/2022/41xxx/CVE-2022-41498.json b/2022/41xxx/CVE-2022-41498.json index 45e21a32e64..e1116ddfe15 100644 --- a/2022/41xxx/CVE-2022-41498.json +++ b/2022/41xxx/CVE-2022-41498.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41498", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41498", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/aurigee/bug_report/blob/main/vendors/mayuri_k/billing-system-project/SQLi-1.md", + "url": "https://github.com/aurigee/bug_report/blob/main/vendors/mayuri_k/billing-system-project/SQLi-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41533.json b/2022/41xxx/CVE-2022-41533.json index 3ae16c77c1b..42730386ffe 100644 --- a/2022/41xxx/CVE-2022-41533.json +++ b/2022/41xxx/CVE-2022-41533.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41533", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41533", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/xuewawa/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-1.md", + "url": "https://github.com/xuewawa/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41534.json b/2022/41xxx/CVE-2022-41534.json index ab77d535938..f10160e6923 100644 --- a/2022/41xxx/CVE-2022-41534.json +++ b/2022/41xxx/CVE-2022-41534.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41534", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41534", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/xuewawa/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-2.md", + "url": "https://github.com/xuewawa/bug_report/blob/main/vendors/mayuri_k/online-diagnostic-lab-management-system/RCE-2.md" } ] } diff --git a/2022/41xxx/CVE-2022-41535.json b/2022/41xxx/CVE-2022-41535.json index 6cc9bdc0fbc..da18269df17 100644 --- a/2022/41xxx/CVE-2022-41535.json +++ b/2022/41xxx/CVE-2022-41535.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41535", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41535", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/coues/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-1.md", + "url": "https://github.com/coues/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41536.json b/2022/41xxx/CVE-2022-41536.json index 207be3a375d..d5627ac2ab7 100644 --- a/2022/41xxx/CVE-2022-41536.json +++ b/2022/41xxx/CVE-2022-41536.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41536", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41536", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/coues/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-2.md", + "url": "https://github.com/coues/bug_report/blob/main/vendors/mayuri_k/open-source-sacco-management-system/SQLi-2.md" } ] } diff --git a/2022/41xxx/CVE-2022-41538.json b/2022/41xxx/CVE-2022-41538.json index 06eeb34fe5a..36aa8c9bf49 100644 --- a/2022/41xxx/CVE-2022-41538.json +++ b/2022/41xxx/CVE-2022-41538.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41538", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gougou123-hash/bug_report/blob/main/vendors/pushpam02/wedding-planner/RCE-1.md", + "url": "https://github.com/gougou123-hash/bug_report/blob/main/vendors/pushpam02/wedding-planner/RCE-1.md" } ] } diff --git a/2022/41xxx/CVE-2022-41539.json b/2022/41xxx/CVE-2022-41539.json index 8405935f834..c5cf9bf06e8 100644 --- a/2022/41xxx/CVE-2022-41539.json +++ b/2022/41xxx/CVE-2022-41539.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41539", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41539", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gougou123-hash/bug_report/blob/main/vendors/pushpam02/wedding-planner/RCE-2.md", + "url": "https://github.com/gougou123-hash/bug_report/blob/main/vendors/pushpam02/wedding-planner/RCE-2.md" } ] } diff --git a/2022/41xxx/CVE-2022-41542.json b/2022/41xxx/CVE-2022-41542.json index 7a3d1de8aad..fe97761e35c 100644 --- a/2022/41xxx/CVE-2022-41542.json +++ b/2022/41xxx/CVE-2022-41542.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41542", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41542", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "devhub 0.102.0 was discovered to contain a broken session control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://devhub.com", + "refsource": "MISC", + "name": "http://devhub.com" + }, + { + "url": "https://app.devhubapp.com/", + "refsource": "MISC", + "name": "https://app.devhubapp.com/" + }, + { + "url": "https://devhubapp.com/", + "refsource": "MISC", + "name": "https://devhubapp.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@sc0p3hacker/cve-2022-41542-session-mis-configuration-in-devhub-application-ca956bb9027a", + "url": "https://medium.com/@sc0p3hacker/cve-2022-41542-session-mis-configuration-in-devhub-application-ca956bb9027a" } ] } diff --git a/2022/41xxx/CVE-2022-41576.json b/2022/41xxx/CVE-2022-41576.json index 4516c710602..b2e46e80d40 100644 --- a/2022/41xxx/CVE-2022-41576.json +++ b/2022/41xxx/CVE-2022-41576.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weaknesses Introduced During Design" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41577.json b/2022/41xxx/CVE-2022-41577.json index 6febe6c3fb8..0e545474c07 100644 --- a/2022/41xxx/CVE-2022-41577.json +++ b/2022/41xxx/CVE-2022-41577.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41578.json b/2022/41xxx/CVE-2022-41578.json index c99db67c630..20d2a0cb449 100644 --- a/2022/41xxx/CVE-2022-41578.json +++ b/2022/41xxx/CVE-2022-41578.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41580.json b/2022/41xxx/CVE-2022-41580.json index 1995ae14135..24679c65d51 100644 --- a/2022/41xxx/CVE-2022-41580.json +++ b/2022/41xxx/CVE-2022-41580.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41581.json b/2022/41xxx/CVE-2022-41581.json index fdef561bda2..99e78cfafd0 100644 --- a/2022/41xxx/CVE-2022-41581.json +++ b/2022/41xxx/CVE-2022-41581.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41582.json b/2022/41xxx/CVE-2022-41582.json index 95af835531c..33f36f76656 100644 --- a/2022/41xxx/CVE-2022-41582.json +++ b/2022/41xxx/CVE-2022-41582.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration defects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41583.json b/2022/41xxx/CVE-2022-41583.json index 33c88717f39..ba7e18de963 100644 --- a/2022/41xxx/CVE-2022-41583.json +++ b/2022/41xxx/CVE-2022-41583.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Array out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41584.json b/2022/41xxx/CVE-2022-41584.json index 3a71de05873..8f280f774b2 100644 --- a/2022/41xxx/CVE-2022-41584.json +++ b/2022/41xxx/CVE-2022-41584.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41585.json b/2022/41xxx/CVE-2022-41585.json index 2dab73bc56e..19f4a3ea8e4 100644 --- a/2022/41xxx/CVE-2022-41585.json +++ b/2022/41xxx/CVE-2022-41585.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41586.json b/2022/41xxx/CVE-2022-41586.json index b4fd5ff374a..d307426e874 100644 --- a/2022/41xxx/CVE-2022-41586.json +++ b/2022/41xxx/CVE-2022-41586.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untruncated data vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41587.json b/2022/41xxx/CVE-2022-41587.json index 7be2fe49844..07b88087ae8 100644 --- a/2022/41xxx/CVE-2022-41587.json +++ b/2022/41xxx/CVE-2022-41587.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration defects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability." } ] } diff --git a/2022/41xxx/CVE-2022-41588.json b/2022/41xxx/CVE-2022-41588.json index eac6ce8a8d4..daeb62e90cb 100644 --- a/2022/41xxx/CVE-2022-41588.json +++ b/2022/41xxx/CVE-2022-41588.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Service logic exception vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41589.json b/2022/41xxx/CVE-2022-41589.json index 4be9f95664f..380dbd0ee37 100644 --- a/2022/41xxx/CVE-2022-41589.json +++ b/2022/41xxx/CVE-2022-41589.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Interface misuse vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41592.json b/2022/41xxx/CVE-2022-41592.json index 5ccd96da7f7..4679c0599a3 100644 --- a/2022/41xxx/CVE-2022-41592.json +++ b/2022/41xxx/CVE-2022-41592.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41593.json b/2022/41xxx/CVE-2022-41593.json index e437d160421..39cc9a2b6e4 100644 --- a/2022/41xxx/CVE-2022-41593.json +++ b/2022/41xxx/CVE-2022-41593.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41594.json b/2022/41xxx/CVE-2022-41594.json index 1a8dd664869..dec7ecf4bcd 100644 --- a/2022/41xxx/CVE-2022-41594.json +++ b/2022/41xxx/CVE-2022-41594.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41595.json b/2022/41xxx/CVE-2022-41595.json index 2edb5addae2..3e4c8cd8e3a 100644 --- a/2022/41xxx/CVE-2022-41595.json +++ b/2022/41xxx/CVE-2022-41595.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41597.json b/2022/41xxx/CVE-2022-41597.json index b4016f8770a..5bc19fdcce7 100644 --- a/2022/41xxx/CVE-2022-41597.json +++ b/2022/41xxx/CVE-2022-41597.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41598.json b/2022/41xxx/CVE-2022-41598.json index cd0f448f987..a6db3375906 100644 --- a/2022/41xxx/CVE-2022-41598.json +++ b/2022/41xxx/CVE-2022-41598.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41600.json b/2022/41xxx/CVE-2022-41600.json index 402c0f25982..8359c8aec34 100644 --- a/2022/41xxx/CVE-2022-41600.json +++ b/2022/41xxx/CVE-2022-41600.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41601.json b/2022/41xxx/CVE-2022-41601.json index 5c0d2b76d7f..4efe7fbadd9 100644 --- a/2022/41xxx/CVE-2022-41601.json +++ b/2022/41xxx/CVE-2022-41601.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41602.json b/2022/41xxx/CVE-2022-41602.json index abcabdb3a03..c1464c4e465 100644 --- a/2022/41xxx/CVE-2022-41602.json +++ b/2022/41xxx/CVE-2022-41602.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41603.json b/2022/41xxx/CVE-2022-41603.json index cd715c7d8ee..e5957ae1e8e 100644 --- a/2022/41xxx/CVE-2022-41603.json +++ b/2022/41xxx/CVE-2022-41603.json @@ -1,17 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-41603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap overflow/Out-of-bounds read/Null pointer vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697" } ] } diff --git a/2022/41xxx/CVE-2022-41623.json b/2022/41xxx/CVE-2022-41623.json index 8cf97567e08..0f25e5119fb 100644 --- a/2022/41xxx/CVE-2022-41623.json +++ b/2022/41xxx/CVE-2022-41623.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-10-12T20:03:00.000Z", "ID": "CVE-2022-41623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ALD - AliExpress Dropshipping and Fulfillment for WooCommerce (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.1.0", + "version_value": "1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Villatheme" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-202 Exposure of Sensitive Data Through Data Queries" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/woocommerce-alidropship/wordpress-ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-plugin-1-1-0-sensitive-data-exposure?_s_id=cve", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/woocommerce-alidropship/wordpress-ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-plugin-1-1-0-sensitive-data-exposure?_s_id=cve" + }, + { + "name": "https://villatheme.com/extensions/aliexpress-dropshipping-and-fulfillment-for-woocommerce/#tab-changelog", + "refsource": "CONFIRM", + "url": "https://villatheme.com/extensions/aliexpress-dropshipping-and-fulfillment-for-woocommerce/#tab-changelog" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 1.1.1 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41674.json b/2022/41xxx/CVE-2022-41674.json index e95e36f867d..8cda748d86e 100644 --- a/2022/41xxx/CVE-2022-41674.json +++ b/2022/41xxx/CVE-2022-41674.json @@ -1,17 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41674", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41674", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203770", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1203770" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/2", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2022/10/13/5", + "url": "https://www.openwall.com/lists/oss-security/2022/10/13/5" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/41xxx/CVE-2022-41686.json b/2022/41xxx/CVE-2022-41686.json index b10bd7fda1c..87d858c0e18 100644 --- a/2022/41xxx/CVE-2022-41686.json +++ b/2022/41xxx/CVE-2022-41686.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "scy@openharmony.io", + "DATE_PUBLIC": "2022-10-11T00:00:00.000Z", "ID": "CVE-2022-41686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.1.x-Release", + "version_value": "3.1.2" + }, + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.0.x-LTS", + "version_value": "3.0.6" + } + ] + } + } + ] + }, + "vendor_name": "OpenHarmony" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md", + "name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41715.json b/2022/41xxx/CVE-2022-41715.json index 713cffd6539..de18671a88f 100644 --- a/2022/41xxx/CVE-2022-41715.json +++ b/2022/41xxx/CVE-2022-41715.json @@ -1,18 +1,92 @@ { + "CVE_data_meta": { + "ASSIGNER": "security@golang.org", + "ID": "CVE-2022-41715", + "STATE": "PUBLIC" + }, "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-41715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "regexp/syntax", + "version": { + "version_data": [ + { + "version_value": "1.18.7", + "version_affected": "<" + }, + { + "version_value": "1.19.0", + "version_affected": ">=" + }, + { + "version_value": "1.19.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Go standard library" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" + }, + { + "url": "https://go.dev/issue/55949", + "refsource": "MISC", + "name": "https://go.dev/issue/55949" + }, + { + "url": "https://go.dev/cl/439356", + "refsource": "MISC", + "name": "https://go.dev/cl/439356" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-1039", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-1039" + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Adam Korczynski (ADA Logics) and OSS-Fuzz" + } + ] } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41751.json b/2022/41xxx/CVE-2022-41751.json index f0e1862b147..0116b7e3675 100644 --- a/2022/41xxx/CVE-2022-41751.json +++ b/2022/41xxx/CVE-2022-41751.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41751", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41751", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Matthias-Wandel/jhead", + "refsource": "MISC", + "name": "https://github.com/Matthias-Wandel/jhead" + }, + { + "url": "https://github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788", + "refsource": "MISC", + "name": "https://github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788" + }, + { + "refsource": "MISC", + "name": "https://github.com/Matthias-Wandel/jhead/pull/57", + "url": "https://github.com/Matthias-Wandel/jhead/pull/57" } ] } diff --git a/2022/41xxx/CVE-2022-41828.json b/2022/41xxx/CVE-2022-41828.json index 00809a4d1d9..20c1030195b 100644 --- a/2022/41xxx/CVE-2022-41828.json +++ b/2022/41xxx/CVE-2022-41828.json @@ -56,6 +56,11 @@ "url": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5", "refsource": "MISC", "name": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5" + }, + { + "refsource": "MISC", + "name": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86", + "url": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86" } ] } diff --git a/2022/42xxx/CVE-2022-42003.json b/2022/42xxx/CVE-2022-42003.json index 8e2d8d0c64b..7cab9c41afa 100644 --- a/2022/42xxx/CVE-2022-42003.json +++ b/2022/42xxx/CVE-2022-42003.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled." + "value": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1" } ] }, diff --git a/2022/42xxx/CVE-2022-42010.json b/2022/42xxx/CVE-2022-42010.json index 65141224882..caa4506ce5d 100644 --- a/2022/42xxx/CVE-2022-42010.json +++ b/2022/42xxx/CVE-2022-42010.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://www.openwall.com/lists/oss-security/2022/10/06/1", "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076544c8aa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" } ] } diff --git a/2022/42xxx/CVE-2022-42011.json b/2022/42xxx/CVE-2022-42011.json index 31c2176e5b0..11e5b1db41f 100644 --- a/2022/42xxx/CVE-2022-42011.json +++ b/2022/42xxx/CVE-2022-42011.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://www.openwall.com/lists/oss-security/2022/10/06/1", "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076544c8aa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" } ] } diff --git a/2022/42xxx/CVE-2022-42012.json b/2022/42xxx/CVE-2022-42012.json index 43f85ee1dc3..ec9d54ed2e9 100644 --- a/2022/42xxx/CVE-2022-42012.json +++ b/2022/42xxx/CVE-2022-42012.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://www.openwall.com/lists/oss-security/2022/10/06/1", "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076544c8aa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" } ] } diff --git a/2022/42xxx/CVE-2022-42029.json b/2022/42xxx/CVE-2022-42029.json index 364e6a09df4..9e71dd290c2 100644 --- a/2022/42xxx/CVE-2022-42029.json +++ b/2022/42xxx/CVE-2022-42029.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42029", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42029", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion", + "refsource": "MISC", + "name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion" } ] } diff --git a/2022/42xxx/CVE-2022-42064.json b/2022/42xxx/CVE-2022-42064.json index 12b1787838c..51cc0669071 100644 --- a/2022/42xxx/CVE-2022-42064.json +++ b/2022/42xxx/CVE-2022-42064.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42064", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42064", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/168498/Online-Diagnostic-Lab-Management-System-1.0-SQL-Injection-Shell-Upload.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168498/Online-Diagnostic-Lab-Management-System-1.0-SQL-Injection-Shell-Upload.html" } ] } diff --git a/2022/42xxx/CVE-2022-42066.json b/2022/42xxx/CVE-2022-42066.json index 83d2ea05c8b..cc360b92518 100644 --- a/2022/42xxx/CVE-2022-42066.json +++ b/2022/42xxx/CVE-2022-42066.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42066", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/168549/Online-Examination-System-1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168549/Online-Examination-System-1.0-Cross-Site-Scripting.html" + }, + { + "url": "https://projectworlds.in/free-projects/php-projects/online-examination/", + "refsource": "MISC", + "name": "https://projectworlds.in/free-projects/php-projects/online-examination/" } ] } diff --git a/2022/42xxx/CVE-2022-42067.json b/2022/42xxx/CVE-2022-42067.json index 57df5814d96..9a9a48de9a9 100644 --- a/2022/42xxx/CVE-2022-42067.json +++ b/2022/42xxx/CVE-2022-42067.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/168524/Online-Birth-Certificate-Management-System-1.0-Insecure-Direct-Object-Reference.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168524/Online-Birth-Certificate-Management-System-1.0-Insecure-Direct-Object-Reference.html" + }, + { + "url": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html" } ] } diff --git a/2022/42xxx/CVE-2022-42069.json b/2022/42xxx/CVE-2022-42069.json index 6c82336badf..6fc4522abee 100644 --- a/2022/42xxx/CVE-2022-42069.json +++ b/2022/42xxx/CVE-2022-42069.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html" + }, + { + "url": "https://packetstormsecurity.com/files/168529/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168529/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html" } ] } diff --git a/2022/42xxx/CVE-2022-42070.json b/2022/42xxx/CVE-2022-42070.json index e7ca4207326..398db2f90e6 100644 --- a/2022/42xxx/CVE-2022-42070.json +++ b/2022/42xxx/CVE-2022-42070.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html" + }, + { + "url": "https://packetstormsecurity.com/files/168522/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168522/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Request-Forgery.html" } ] } diff --git a/2022/42xxx/CVE-2022-42071.json b/2022/42xxx/CVE-2022-42071.json index d515f565c2b..b0a38c28f7a 100644 --- a/2022/42xxx/CVE-2022-42071.json +++ b/2022/42xxx/CVE-2022-42071.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42071", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html" + }, + { + "url": "https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html" } ] } diff --git a/2022/42xxx/CVE-2022-42154.json b/2022/42xxx/CVE-2022-42154.json index c300a15b6fe..bf73402e06f 100644 --- a/2022/42xxx/CVE-2022-42154.json +++ b/2022/42xxx/CVE-2022-42154.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42154", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42154", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xxhzz1/74cmsSE-Arbitrary-file-upload-vulnerability/issues/1", + "refsource": "MISC", + "name": "https://github.com/xxhzz1/74cmsSE-Arbitrary-file-upload-vulnerability/issues/1" } ] } diff --git a/2022/42xxx/CVE-2022-42156.json b/2022/42xxx/CVE-2022-42156.json index 3fabb9b399e..eaabbd33569 100644 --- a/2022/42xxx/CVE-2022-42156.json +++ b/2022/42xxx/CVE-2022-42156.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42156", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42156", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42159.json b/2022/42xxx/CVE-2022-42159.json index caf4b44416a..1711a4b9039 100644 --- a/2022/42xxx/CVE-2022-42159.json +++ b/2022/42xxx/CVE-2022-42159.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42159", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42159", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42160.json b/2022/42xxx/CVE-2022-42160.json index 8614b8e3076..1a54b446c25 100644 --- a/2022/42xxx/CVE-2022-42160.json +++ b/2022/42xxx/CVE-2022-42160.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42160", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42160", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42161.json b/2022/42xxx/CVE-2022-42161.json index 3bc4657a86d..f1c9d9f7285 100644 --- a/2022/42xxx/CVE-2022-42161.json +++ b/2022/42xxx/CVE-2022-42161.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42161", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42161", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42163.json b/2022/42xxx/CVE-2022-42163.json index 9a9c476e393..65ad81a7a31 100644 --- a/2022/42xxx/CVE-2022-42163.json +++ b/2022/42xxx/CVE-2022-42163.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42163", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42163", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/fromNatStaticSetting/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/fromNatStaticSetting/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42164.json b/2022/42xxx/CVE-2022-42164.json index 8fcf3ea60ea..59b6f545c6c 100644 --- a/2022/42xxx/CVE-2022-42164.json +++ b/2022/42xxx/CVE-2022-42164.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42164", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42164", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetClientState/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetClientState/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42165.json b/2022/42xxx/CVE-2022-42165.json index 6bcdf8b2373..c5ee9802a23 100644 --- a/2022/42xxx/CVE-2022-42165.json +++ b/2022/42xxx/CVE-2022-42165.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42165", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42165", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetDeviceName/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetDeviceName/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42166.json b/2022/42xxx/CVE-2022-42166.json index d247fa03e77..0529e9103b5 100644 --- a/2022/42xxx/CVE-2022-42166.json +++ b/2022/42xxx/CVE-2022-42166.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42166", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42166", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetSpeedWan/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetSpeedWan/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42167.json b/2022/42xxx/CVE-2022-42167.json index 9a57f826bf7..3ba63444c7e 100644 --- a/2022/42xxx/CVE-2022-42167.json +++ b/2022/42xxx/CVE-2022-42167.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42167", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42167", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetFirewallCfg/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetFirewallCfg/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42168.json b/2022/42xxx/CVE-2022-42168.json index 22daa568603..3a7acb1e19d 100644 --- a/2022/42xxx/CVE-2022-42168.json +++ b/2022/42xxx/CVE-2022-42168.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42168", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42168", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/fromSetIpMacBind/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/fromSetIpMacBind/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42169.json b/2022/42xxx/CVE-2022-42169.json index df9c1c51a50..837f77bfb83 100644 --- a/2022/42xxx/CVE-2022-42169.json +++ b/2022/42xxx/CVE-2022-42169.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42169", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42169", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/addWifiMacFilter/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/addWifiMacFilter/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42170.json b/2022/42xxx/CVE-2022-42170.json index e53e2e1d4d0..8208806253e 100644 --- a/2022/42xxx/CVE-2022-42170.json +++ b/2022/42xxx/CVE-2022-42170.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42170", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42170", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formWifiWpsStart/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formWifiWpsStart/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42171.json b/2022/42xxx/CVE-2022-42171.json index 7ddf08d7813..e3537146b7a 100644 --- a/2022/42xxx/CVE-2022-42171.json +++ b/2022/42xxx/CVE-2022-42171.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42171", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42171", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/saveParentControlInfo/readme.md", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/saveParentControlInfo/readme.md" } ] } diff --git a/2022/42xxx/CVE-2022-42221.json b/2022/42xxx/CVE-2022-42221.json index 233c84b6605..77a8fc3bc3e 100644 --- a/2022/42xxx/CVE-2022-42221.json +++ b/2022/42xxx/CVE-2022-42221.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42221", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.netgear.com/about/security/", + "refsource": "MISC", + "name": "https://www.netgear.com/about/security/" + }, + { + "url": "https://github.com/Cj775995/CVE_Report/tree/main/Netgear/R6220", + "refsource": "MISC", + "name": "https://github.com/Cj775995/CVE_Report/tree/main/Netgear/R6220" } ] } diff --git a/2022/42xxx/CVE-2022-42232.json b/2022/42xxx/CVE-2022-42232.json index 73225841680..489fda2ad07 100644 --- a/2022/42xxx/CVE-2022-42232.json +++ b/2022/42xxx/CVE-2022-42232.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42232", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42232", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md", + "url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-1.md" } ] } diff --git a/2022/42xxx/CVE-2022-42234.json b/2022/42xxx/CVE-2022-42234.json index 9d10d9d3245..ea0be068ea2 100644 --- a/2022/42xxx/CVE-2022-42234.json +++ b/2022/42xxx/CVE-2022-42234.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42234", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42234", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a file inclusion vulnerability in the template management module in UCMS 1.6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/luoyangchangan/bug/issues/1", + "refsource": "MISC", + "name": "https://github.com/luoyangchangan/bug/issues/1" } ] } diff --git a/2022/42xxx/CVE-2022-42237.json b/2022/42xxx/CVE-2022-42237.json index 2153a92742d..9e0f5e10fb7 100644 --- a/2022/42xxx/CVE-2022-42237.json +++ b/2022/42xxx/CVE-2022-42237.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42237", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42237", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/draco1725/sqlinj/blob/main/poc", + "refsource": "MISC", + "name": "https://github.com/draco1725/sqlinj/blob/main/poc" } ] } diff --git a/2022/42xxx/CVE-2022-42339.json b/2022/42xxx/CVE-2022-42339.json index 976eb9255cf..2ebe5b6dfc0 100644 --- a/2022/42xxx/CVE-2022-42339.json +++ b/2022/42xxx/CVE-2022-42339.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-42339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42340.json b/2022/42xxx/CVE-2022-42340.json index 62c084340ab..ab89bcb65be 100644 --- a/2022/42xxx/CVE-2022-42340.json +++ b/2022/42xxx/CVE-2022-42340.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-42340", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Improper Input Validation Arbitrary file system read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42341.json b/2022/42xxx/CVE-2022-42341.json index 5127d035dc3..92f22839dda 100644 --- a/2022/42xxx/CVE-2022-42341.json +++ b/2022/42xxx/CVE-2022-42341.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-42341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "CF2021U4" + }, + { + "version_affected": "<=", + "version_value": "CF2018u14" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42342.json b/2022/42xxx/CVE-2022-42342.json index 4b2a40137fc..7489d1eb0ea 100644 --- a/2022/42xxx/CVE-2022-42342.json +++ b/2022/42xxx/CVE-2022-42342.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2022-42342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "20.005.30381" + }, + { + "version_affected": "<=", + "version_value": "22.002.20212" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42463.json b/2022/42xxx/CVE-2022-42463.json index 4f91f8eb23a..977a027b773 100644 --- a/2022/42xxx/CVE-2022-42463.json +++ b/2022/42xxx/CVE-2022-42463.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "scy@openharmony.io", + "DATE_PUBLIC": "2022-10-11T00:00:00.000Z", "ID": "CVE-2022-42463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.1.x-Release", + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "OpenHarmony" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md", + "name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42464.json b/2022/42xxx/CVE-2022-42464.json index c25f25cec8e..4d50cf7a48f 100644 --- a/2022/42xxx/CVE-2022-42464.json +++ b/2022/42xxx/CVE-2022-42464.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "scy@openharmony.io", + "DATE_PUBLIC": "2022-10-11T00:00:00.000Z", "ID": "CVE-2022-42464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.1.x-Release", + "version_value": "3.1.2" + }, + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.0.x-LTS", + "version_value": "3.0.6" + } + ] + } + } + ] + }, + "vendor_name": "OpenHarmony" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md", + "name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42488.json b/2022/42xxx/CVE-2022-42488.json index 4d1b2d7f12f..0cd2d652f2a 100644 --- a/2022/42xxx/CVE-2022-42488.json +++ b/2022/42xxx/CVE-2022-42488.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "scy@openharmony.io", + "DATE_PUBLIC": "2022-10-11T00:00:00.000Z", "ID": "CVE-2022-42488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Startup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "OpenHarmony-v3.1.x-Release", + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "OpenHarmony" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md", + "name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42715.json b/2022/42xxx/CVE-2022-42715.json index a15247cc998..192ea92484e 100644 --- a/2022/42xxx/CVE-2022-42715.json +++ b/2022/42xxx/CVE-2022-42715.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf", "url": "https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss", + "url": "https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss" } ] } diff --git a/2022/42xxx/CVE-2022-42719.json b/2022/42xxx/CVE-2022-42719.json index 68e9c4e1beb..9f51a01b066 100644 --- a/2022/42xxx/CVE-2022-42719.json +++ b/2022/42xxx/CVE-2022-42719.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42719", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42719", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204051" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/2", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/42xxx/CVE-2022-42720.json b/2022/42xxx/CVE-2022-42720.json index e85fc5b06ac..ad89fcd33f3 100644 --- a/2022/42xxx/CVE-2022-42720.json +++ b/2022/42xxx/CVE-2022-42720.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42720", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42720", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204059", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204059" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/42xxx/CVE-2022-42721.json b/2022/42xxx/CVE-2022-42721.json index 0189dc63228..17c56f76f52 100644 --- a/2022/42xxx/CVE-2022-42721.json +++ b/2022/42xxx/CVE-2022-42721.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42721", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42721", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204060" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/42xxx/CVE-2022-42722.json b/2022/42xxx/CVE-2022-42722.json index fa591887596..e7ca0da4141 100644 --- a/2022/42xxx/CVE-2022-42722.json +++ b/2022/42xxx/CVE-2022-42722.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42722", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42722", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204125", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204125" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2cfbe17910", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b948fc3cfb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" } ] } diff --git a/2022/42xxx/CVE-2022-42889.json b/2022/42xxx/CVE-2022-42889.json index 6693b8f3ce4..44cbe49616b 100644 --- a/2022/42xxx/CVE-2022-42889.json +++ b/2022/42xxx/CVE-2022-42889.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2022-42889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Commons Text", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "Apache Commons Text", + "version_value": "1.5" + }, + { + "version_affected": "<=", + "version_value": "1.9" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "important" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unexpected variable interpolation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", + "name": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221013 CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults", + "url": "http://www.openwall.com/lists/oss-security/2022/10/13/4" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Upgrade to Apache Commons Text 1.10.0." + } + ] } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42897.json b/2022/42xxx/CVE-2022-42897.json new file mode 100644 index 00000000000..129bde22694 --- /dev/null +++ b/2022/42xxx/CVE-2022-42897.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf", + "refsource": "MISC", + "name": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf" + }, + { + "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html", + "refsource": "MISC", + "name": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42898.json b/2022/42xxx/CVE-2022-42898.json new file mode 100644 index 00000000000..4651d0ce158 --- /dev/null +++ b/2022/42xxx/CVE-2022-42898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42899.json b/2022/42xxx/CVE-2022-42899.json new file mode 100644 index 00000000000..5798a8271e9 --- /dev/null +++ b/2022/42xxx/CVE-2022-42899.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0017/", + "refsource": "MISC", + "name": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0017/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42900.json b/2022/42xxx/CVE-2022-42900.json new file mode 100644 index 00000000000..371e03216ad --- /dev/null +++ b/2022/42xxx/CVE-2022-42900.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0019/", + "refsource": "MISC", + "name": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0019/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42901.json b/2022/42xxx/CVE-2022-42901.json new file mode 100644 index 00000000000..c68f3c5dff1 --- /dev/null +++ b/2022/42xxx/CVE-2022-42901.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0018/", + "refsource": "MISC", + "name": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0018/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42902.json b/2022/42xxx/CVE-2022-42902.json new file mode 100644 index 00000000000..225f75c98f3 --- /dev/null +++ b/2022/42xxx/CVE-2022-42902.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.lavasoftware.org/lava/lava/-/merge_requests/1834", + "refsource": "MISC", + "name": "https://git.lavasoftware.org/lava/lava/-/merge_requests/1834" + }, + { + "url": "https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834", + "refsource": "MISC", + "name": "https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42903.json b/2022/42xxx/CVE-2022-42903.json new file mode 100644 index 00000000000..b800fad22dc --- /dev/null +++ b/2022/42xxx/CVE-2022-42903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42904.json b/2022/42xxx/CVE-2022-42904.json new file mode 100644 index 00000000000..36b97790855 --- /dev/null +++ b/2022/42xxx/CVE-2022-42904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42905.json b/2022/42xxx/CVE-2022-42905.json new file mode 100644 index 00000000000..2ad2a52f97c --- /dev/null +++ b/2022/42xxx/CVE-2022-42905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42906.json b/2022/42xxx/CVE-2022-42906.json new file mode 100644 index 00000000000..2dd7bfd1a0f --- /dev/null +++ b/2022/42xxx/CVE-2022-42906.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45", + "refsource": "MISC", + "name": "https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45" + }, + { + "url": "https://github.com/jaspernbrouwer/powerline-gitstatus/releases/tag/v1.3.2", + "refsource": "MISC", + "name": "https://github.com/jaspernbrouwer/powerline-gitstatus/releases/tag/v1.3.2" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42907.json b/2022/42xxx/CVE-2022-42907.json new file mode 100644 index 00000000000..5de06124cb5 --- /dev/null +++ b/2022/42xxx/CVE-2022-42907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42908.json b/2022/42xxx/CVE-2022-42908.json new file mode 100644 index 00000000000..948195f97ba --- /dev/null +++ b/2022/42xxx/CVE-2022-42908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42909.json b/2022/42xxx/CVE-2022-42909.json new file mode 100644 index 00000000000..337be418c64 --- /dev/null +++ b/2022/42xxx/CVE-2022-42909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42910.json b/2022/42xxx/CVE-2022-42910.json new file mode 100644 index 00000000000..164caaf4003 --- /dev/null +++ b/2022/42xxx/CVE-2022-42910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42911.json b/2022/42xxx/CVE-2022-42911.json new file mode 100644 index 00000000000..4d8a308ab18 --- /dev/null +++ b/2022/42xxx/CVE-2022-42911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42912.json b/2022/42xxx/CVE-2022-42912.json new file mode 100644 index 00000000000..fa2dce1bbc1 --- /dev/null +++ b/2022/42xxx/CVE-2022-42912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42913.json b/2022/42xxx/CVE-2022-42913.json new file mode 100644 index 00000000000..ebcb28baffe --- /dev/null +++ b/2022/42xxx/CVE-2022-42913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42914.json b/2022/42xxx/CVE-2022-42914.json new file mode 100644 index 00000000000..d99a90d49c9 --- /dev/null +++ b/2022/42xxx/CVE-2022-42914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42915.json b/2022/42xxx/CVE-2022-42915.json new file mode 100644 index 00000000000..370fae56434 --- /dev/null +++ b/2022/42xxx/CVE-2022-42915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42916.json b/2022/42xxx/CVE-2022-42916.json new file mode 100644 index 00000000000..c1eb6a27429 --- /dev/null +++ b/2022/42xxx/CVE-2022-42916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42917.json b/2022/42xxx/CVE-2022-42917.json new file mode 100644 index 00000000000..b747901a73d --- /dev/null +++ b/2022/42xxx/CVE-2022-42917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42918.json b/2022/42xxx/CVE-2022-42918.json new file mode 100644 index 00000000000..ce71e29fbe3 --- /dev/null +++ b/2022/42xxx/CVE-2022-42918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42919.json b/2022/42xxx/CVE-2022-42919.json new file mode 100644 index 00000000000..b6abfcea43e --- /dev/null +++ b/2022/42xxx/CVE-2022-42919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42920.json b/2022/42xxx/CVE-2022-42920.json new file mode 100644 index 00000000000..1902c8fc575 --- /dev/null +++ b/2022/42xxx/CVE-2022-42920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42921.json b/2022/42xxx/CVE-2022-42921.json new file mode 100644 index 00000000000..d37b7b7f7d8 --- /dev/null +++ b/2022/42xxx/CVE-2022-42921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42922.json b/2022/42xxx/CVE-2022-42922.json new file mode 100644 index 00000000000..1086d873e9f --- /dev/null +++ b/2022/42xxx/CVE-2022-42922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42923.json b/2022/42xxx/CVE-2022-42923.json new file mode 100644 index 00000000000..f98acb4ef57 --- /dev/null +++ b/2022/42xxx/CVE-2022-42923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42924.json b/2022/42xxx/CVE-2022-42924.json new file mode 100644 index 00000000000..6084cd66f5d --- /dev/null +++ b/2022/42xxx/CVE-2022-42924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42925.json b/2022/42xxx/CVE-2022-42925.json new file mode 100644 index 00000000000..9808aa0aed0 --- /dev/null +++ b/2022/42xxx/CVE-2022-42925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42926.json b/2022/42xxx/CVE-2022-42926.json new file mode 100644 index 00000000000..65354ca167d --- /dev/null +++ b/2022/42xxx/CVE-2022-42926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42927.json b/2022/42xxx/CVE-2022-42927.json new file mode 100644 index 00000000000..48a3bb33523 --- /dev/null +++ b/2022/42xxx/CVE-2022-42927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42928.json b/2022/42xxx/CVE-2022-42928.json new file mode 100644 index 00000000000..32dc6a0212b --- /dev/null +++ b/2022/42xxx/CVE-2022-42928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42929.json b/2022/42xxx/CVE-2022-42929.json new file mode 100644 index 00000000000..9e854016fa0 --- /dev/null +++ b/2022/42xxx/CVE-2022-42929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42930.json b/2022/42xxx/CVE-2022-42930.json new file mode 100644 index 00000000000..b260da17934 --- /dev/null +++ b/2022/42xxx/CVE-2022-42930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42931.json b/2022/42xxx/CVE-2022-42931.json new file mode 100644 index 00000000000..820d8c58eb2 --- /dev/null +++ b/2022/42xxx/CVE-2022-42931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42932.json b/2022/42xxx/CVE-2022-42932.json new file mode 100644 index 00000000000..1a38f72ad18 --- /dev/null +++ b/2022/42xxx/CVE-2022-42932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42933.json b/2022/42xxx/CVE-2022-42933.json new file mode 100644 index 00000000000..25d100a687d --- /dev/null +++ b/2022/42xxx/CVE-2022-42933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42934.json b/2022/42xxx/CVE-2022-42934.json new file mode 100644 index 00000000000..3c0c374f748 --- /dev/null +++ b/2022/42xxx/CVE-2022-42934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42935.json b/2022/42xxx/CVE-2022-42935.json new file mode 100644 index 00000000000..c2e3f491a14 --- /dev/null +++ b/2022/42xxx/CVE-2022-42935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42936.json b/2022/42xxx/CVE-2022-42936.json new file mode 100644 index 00000000000..d292cde07e9 --- /dev/null +++ b/2022/42xxx/CVE-2022-42936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42937.json b/2022/42xxx/CVE-2022-42937.json new file mode 100644 index 00000000000..57531a4ebfe --- /dev/null +++ b/2022/42xxx/CVE-2022-42937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42938.json b/2022/42xxx/CVE-2022-42938.json new file mode 100644 index 00000000000..28023de65a7 --- /dev/null +++ b/2022/42xxx/CVE-2022-42938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42939.json b/2022/42xxx/CVE-2022-42939.json new file mode 100644 index 00000000000..39119bf44d3 --- /dev/null +++ b/2022/42xxx/CVE-2022-42939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42940.json b/2022/42xxx/CVE-2022-42940.json new file mode 100644 index 00000000000..d056bfe5b13 --- /dev/null +++ b/2022/42xxx/CVE-2022-42940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42941.json b/2022/42xxx/CVE-2022-42941.json new file mode 100644 index 00000000000..cd311aab8ee --- /dev/null +++ b/2022/42xxx/CVE-2022-42941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42942.json b/2022/42xxx/CVE-2022-42942.json new file mode 100644 index 00000000000..3b1cc75aa5e --- /dev/null +++ b/2022/42xxx/CVE-2022-42942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42943.json b/2022/42xxx/CVE-2022-42943.json new file mode 100644 index 00000000000..8ce0c2fedf6 --- /dev/null +++ b/2022/42xxx/CVE-2022-42943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42944.json b/2022/42xxx/CVE-2022-42944.json new file mode 100644 index 00000000000..8375e218993 --- /dev/null +++ b/2022/42xxx/CVE-2022-42944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42945.json b/2022/42xxx/CVE-2022-42945.json new file mode 100644 index 00000000000..1c47395d625 --- /dev/null +++ b/2022/42xxx/CVE-2022-42945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42946.json b/2022/42xxx/CVE-2022-42946.json new file mode 100644 index 00000000000..cb134dbb1d8 --- /dev/null +++ b/2022/42xxx/CVE-2022-42946.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42946", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42947.json b/2022/42xxx/CVE-2022-42947.json new file mode 100644 index 00000000000..2b3ee8cba3b --- /dev/null +++ b/2022/42xxx/CVE-2022-42947.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42948.json b/2022/42xxx/CVE-2022-42948.json new file mode 100644 index 00000000000..23d4780eb66 --- /dev/null +++ b/2022/42xxx/CVE-2022-42948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42949.json b/2022/42xxx/CVE-2022-42949.json new file mode 100644 index 00000000000..377b2e322db --- /dev/null +++ b/2022/42xxx/CVE-2022-42949.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42949", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42950.json b/2022/42xxx/CVE-2022-42950.json new file mode 100644 index 00000000000..f04934e576b --- /dev/null +++ b/2022/42xxx/CVE-2022-42950.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42951.json b/2022/42xxx/CVE-2022-42951.json new file mode 100644 index 00000000000..856d35ba0ad --- /dev/null +++ b/2022/42xxx/CVE-2022-42951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42952.json b/2022/42xxx/CVE-2022-42952.json new file mode 100644 index 00000000000..de066a9efdb --- /dev/null +++ b/2022/42xxx/CVE-2022-42952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42953.json b/2022/42xxx/CVE-2022-42953.json new file mode 100644 index 00000000000..ee4ef849abf --- /dev/null +++ b/2022/42xxx/CVE-2022-42953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42954.json b/2022/42xxx/CVE-2022-42954.json new file mode 100644 index 00000000000..8d52e7bff7d --- /dev/null +++ b/2022/42xxx/CVE-2022-42954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42955.json b/2022/42xxx/CVE-2022-42955.json new file mode 100644 index 00000000000..af21f87063e --- /dev/null +++ b/2022/42xxx/CVE-2022-42955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42956.json b/2022/42xxx/CVE-2022-42956.json new file mode 100644 index 00000000000..785fc8e864a --- /dev/null +++ b/2022/42xxx/CVE-2022-42956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42957.json b/2022/42xxx/CVE-2022-42957.json new file mode 100644 index 00000000000..04752a4d388 --- /dev/null +++ b/2022/42xxx/CVE-2022-42957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42958.json b/2022/42xxx/CVE-2022-42958.json new file mode 100644 index 00000000000..1bcd3e4a0db --- /dev/null +++ b/2022/42xxx/CVE-2022-42958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42959.json b/2022/42xxx/CVE-2022-42959.json new file mode 100644 index 00000000000..c8b0a74f793 --- /dev/null +++ b/2022/42xxx/CVE-2022-42959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42960.json b/2022/42xxx/CVE-2022-42960.json new file mode 100644 index 00000000000..d3d3a76a2be --- /dev/null +++ b/2022/42xxx/CVE-2022-42960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42961.json b/2022/42xxx/CVE-2022-42961.json new file mode 100644 index 00000000000..2d8ec6776f7 --- /dev/null +++ b/2022/42xxx/CVE-2022-42961.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable", + "refsource": "MISC", + "name": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42962.json b/2022/42xxx/CVE-2022-42962.json new file mode 100644 index 00000000000..504e37c1202 --- /dev/null +++ b/2022/42xxx/CVE-2022-42962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42963.json b/2022/42xxx/CVE-2022-42963.json new file mode 100644 index 00000000000..5220bbe23ac --- /dev/null +++ b/2022/42xxx/CVE-2022-42963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42964.json b/2022/42xxx/CVE-2022-42964.json new file mode 100644 index 00000000000..5a420861799 --- /dev/null +++ b/2022/42xxx/CVE-2022-42964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42965.json b/2022/42xxx/CVE-2022-42965.json new file mode 100644 index 00000000000..145472f6b4b --- /dev/null +++ b/2022/42xxx/CVE-2022-42965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42966.json b/2022/42xxx/CVE-2022-42966.json new file mode 100644 index 00000000000..5d2e2cc656d --- /dev/null +++ b/2022/42xxx/CVE-2022-42966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42967.json b/2022/42xxx/CVE-2022-42967.json new file mode 100644 index 00000000000..742a5d286c1 --- /dev/null +++ b/2022/42xxx/CVE-2022-42967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42968.json b/2022/42xxx/CVE-2022-42968.json new file mode 100644 index 00000000000..1e298b63fc5 --- /dev/null +++ b/2022/42xxx/CVE-2022-42968.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/go-gitea/gitea/pull/21463", + "refsource": "MISC", + "name": "https://github.com/go-gitea/gitea/pull/21463" + }, + { + "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3", + "refsource": "MISC", + "name": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42969.json b/2022/42xxx/CVE-2022-42969.json new file mode 100644 index 00000000000..c0d8ef56683 --- /dev/null +++ b/2022/42xxx/CVE-2022-42969.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/py", + "refsource": "MISC", + "name": "https://pypi.org/project/py" + }, + { + "url": "https://github.com/pytest-dev/py/issues/287", + "refsource": "MISC", + "name": "https://github.com/pytest-dev/py/issues/287" + }, + { + "url": "https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316", + "refsource": "MISC", + "name": "https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42970.json b/2022/42xxx/CVE-2022-42970.json new file mode 100644 index 00000000000..04ec824a436 --- /dev/null +++ b/2022/42xxx/CVE-2022-42970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42971.json b/2022/42xxx/CVE-2022-42971.json new file mode 100644 index 00000000000..87f654bec8c --- /dev/null +++ b/2022/42xxx/CVE-2022-42971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42972.json b/2022/42xxx/CVE-2022-42972.json new file mode 100644 index 00000000000..64f412aa6c2 --- /dev/null +++ b/2022/42xxx/CVE-2022-42972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42973.json b/2022/42xxx/CVE-2022-42973.json new file mode 100644 index 00000000000..8111e45757c --- /dev/null +++ b/2022/42xxx/CVE-2022-42973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42974.json b/2022/42xxx/CVE-2022-42974.json new file mode 100644 index 00000000000..24ddb1f93ec --- /dev/null +++ b/2022/42xxx/CVE-2022-42974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42975.json b/2022/42xxx/CVE-2022-42975.json new file mode 100644 index 00000000000..474d9ae24fe --- /dev/null +++ b/2022/42xxx/CVE-2022-42975.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae", + "refsource": "MISC", + "name": "https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42976.json b/2022/42xxx/CVE-2022-42976.json new file mode 100644 index 00000000000..6b569c5dbba --- /dev/null +++ b/2022/42xxx/CVE-2022-42976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42977.json b/2022/42xxx/CVE-2022-42977.json new file mode 100644 index 00000000000..54a7b83fadd --- /dev/null +++ b/2022/42xxx/CVE-2022-42977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42978.json b/2022/42xxx/CVE-2022-42978.json new file mode 100644 index 00000000000..2146c6563fe --- /dev/null +++ b/2022/42xxx/CVE-2022-42978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42979.json b/2022/42xxx/CVE-2022-42979.json new file mode 100644 index 00000000000..aaaeda94d7d --- /dev/null +++ b/2022/42xxx/CVE-2022-42979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42980.json b/2022/42xxx/CVE-2022-42980.json new file mode 100644 index 00000000000..51faea15d47 --- /dev/null +++ b/2022/42xxx/CVE-2022-42980.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/go-admin-team/go-admin/issues/716", + "refsource": "MISC", + "name": "https://github.com/go-admin-team/go-admin/issues/716" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42981.json b/2022/42xxx/CVE-2022-42981.json new file mode 100644 index 00000000000..1c6e6f0ed80 --- /dev/null +++ b/2022/42xxx/CVE-2022-42981.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42981", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42982.json b/2022/42xxx/CVE-2022-42982.json new file mode 100644 index 00000000000..9dba728da28 --- /dev/null +++ b/2022/42xxx/CVE-2022-42982.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42982", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42983.json b/2022/42xxx/CVE-2022-42983.json new file mode 100644 index 00000000000..4992e236dbd --- /dev/null +++ b/2022/42xxx/CVE-2022-42983.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-42983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/anji-plus/report/issues/7", + "refsource": "MISC", + "name": "https://github.com/anji-plus/report/issues/7" + }, + { + "url": "https://gitee.com/anji-plus/report/issues/I5VVZ0", + "refsource": "MISC", + "name": "https://gitee.com/anji-plus/report/issues/I5VVZ0" + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42984.json b/2022/42xxx/CVE-2022-42984.json new file mode 100644 index 00000000000..243c50b2d6c --- /dev/null +++ b/2022/42xxx/CVE-2022-42984.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42984", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42985.json b/2022/42xxx/CVE-2022-42985.json new file mode 100644 index 00000000000..375d5363d72 --- /dev/null +++ b/2022/42xxx/CVE-2022-42985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42986.json b/2022/42xxx/CVE-2022-42986.json new file mode 100644 index 00000000000..eac062bea5b --- /dev/null +++ b/2022/42xxx/CVE-2022-42986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42987.json b/2022/42xxx/CVE-2022-42987.json new file mode 100644 index 00000000000..b54cb3c3bec --- /dev/null +++ b/2022/42xxx/CVE-2022-42987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42988.json b/2022/42xxx/CVE-2022-42988.json new file mode 100644 index 00000000000..56c9d813b92 --- /dev/null +++ b/2022/42xxx/CVE-2022-42988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42989.json b/2022/42xxx/CVE-2022-42989.json new file mode 100644 index 00000000000..b9d1e0e8b29 --- /dev/null +++ b/2022/42xxx/CVE-2022-42989.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42990.json b/2022/42xxx/CVE-2022-42990.json new file mode 100644 index 00000000000..02db0db0d67 --- /dev/null +++ b/2022/42xxx/CVE-2022-42990.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42991.json b/2022/42xxx/CVE-2022-42991.json new file mode 100644 index 00000000000..2c576e3aeb2 --- /dev/null +++ b/2022/42xxx/CVE-2022-42991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42992.json b/2022/42xxx/CVE-2022-42992.json new file mode 100644 index 00000000000..cf64296978d --- /dev/null +++ b/2022/42xxx/CVE-2022-42992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42993.json b/2022/42xxx/CVE-2022-42993.json new file mode 100644 index 00000000000..8d46c2bb7f7 --- /dev/null +++ b/2022/42xxx/CVE-2022-42993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42994.json b/2022/42xxx/CVE-2022-42994.json new file mode 100644 index 00000000000..57abeb9095d --- /dev/null +++ b/2022/42xxx/CVE-2022-42994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42995.json b/2022/42xxx/CVE-2022-42995.json new file mode 100644 index 00000000000..814bbb2ed52 --- /dev/null +++ b/2022/42xxx/CVE-2022-42995.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42996.json b/2022/42xxx/CVE-2022-42996.json new file mode 100644 index 00000000000..085576ed257 --- /dev/null +++ b/2022/42xxx/CVE-2022-42996.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42996", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42997.json b/2022/42xxx/CVE-2022-42997.json new file mode 100644 index 00000000000..2fa923d68bd --- /dev/null +++ b/2022/42xxx/CVE-2022-42997.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42998.json b/2022/42xxx/CVE-2022-42998.json new file mode 100644 index 00000000000..ef7a52d3d75 --- /dev/null +++ b/2022/42xxx/CVE-2022-42998.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42998", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42999.json b/2022/42xxx/CVE-2022-42999.json new file mode 100644 index 00000000000..3ec319929e5 --- /dev/null +++ b/2022/42xxx/CVE-2022-42999.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-42999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43000.json b/2022/43xxx/CVE-2022-43000.json new file mode 100644 index 00000000000..214616177a2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43001.json b/2022/43xxx/CVE-2022-43001.json new file mode 100644 index 00000000000..2bd4decce4a --- /dev/null +++ b/2022/43xxx/CVE-2022-43001.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43001", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43002.json b/2022/43xxx/CVE-2022-43002.json new file mode 100644 index 00000000000..9c12c28b30e --- /dev/null +++ b/2022/43xxx/CVE-2022-43002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43003.json b/2022/43xxx/CVE-2022-43003.json new file mode 100644 index 00000000000..e2b90393577 --- /dev/null +++ b/2022/43xxx/CVE-2022-43003.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43003", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43004.json b/2022/43xxx/CVE-2022-43004.json new file mode 100644 index 00000000000..cb549fabd86 --- /dev/null +++ b/2022/43xxx/CVE-2022-43004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43005.json b/2022/43xxx/CVE-2022-43005.json new file mode 100644 index 00000000000..c832314305c --- /dev/null +++ b/2022/43xxx/CVE-2022-43005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43006.json b/2022/43xxx/CVE-2022-43006.json new file mode 100644 index 00000000000..9fd8176182f --- /dev/null +++ b/2022/43xxx/CVE-2022-43006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43007.json b/2022/43xxx/CVE-2022-43007.json new file mode 100644 index 00000000000..47e171b4667 --- /dev/null +++ b/2022/43xxx/CVE-2022-43007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43008.json b/2022/43xxx/CVE-2022-43008.json new file mode 100644 index 00000000000..b2b28cb10f8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43009.json b/2022/43xxx/CVE-2022-43009.json new file mode 100644 index 00000000000..930e7025a6a --- /dev/null +++ b/2022/43xxx/CVE-2022-43009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43010.json b/2022/43xxx/CVE-2022-43010.json new file mode 100644 index 00000000000..9c09d36e95d --- /dev/null +++ b/2022/43xxx/CVE-2022-43010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43011.json b/2022/43xxx/CVE-2022-43011.json new file mode 100644 index 00000000000..e58d309614f --- /dev/null +++ b/2022/43xxx/CVE-2022-43011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43012.json b/2022/43xxx/CVE-2022-43012.json new file mode 100644 index 00000000000..a9d620e32da --- /dev/null +++ b/2022/43xxx/CVE-2022-43012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43013.json b/2022/43xxx/CVE-2022-43013.json new file mode 100644 index 00000000000..5163614d473 --- /dev/null +++ b/2022/43xxx/CVE-2022-43013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43014.json b/2022/43xxx/CVE-2022-43014.json new file mode 100644 index 00000000000..61c12d8fd8f --- /dev/null +++ b/2022/43xxx/CVE-2022-43014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43015.json b/2022/43xxx/CVE-2022-43015.json new file mode 100644 index 00000000000..6bac7db2aa9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43016.json b/2022/43xxx/CVE-2022-43016.json new file mode 100644 index 00000000000..0386df084b5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43017.json b/2022/43xxx/CVE-2022-43017.json new file mode 100644 index 00000000000..7f94f7f8341 --- /dev/null +++ b/2022/43xxx/CVE-2022-43017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43018.json b/2022/43xxx/CVE-2022-43018.json new file mode 100644 index 00000000000..6c2cdd1bfee --- /dev/null +++ b/2022/43xxx/CVE-2022-43018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43019.json b/2022/43xxx/CVE-2022-43019.json new file mode 100644 index 00000000000..18d0a6adbc1 --- /dev/null +++ b/2022/43xxx/CVE-2022-43019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43020.json b/2022/43xxx/CVE-2022-43020.json new file mode 100644 index 00000000000..f72ecfe5a2b --- /dev/null +++ b/2022/43xxx/CVE-2022-43020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43021.json b/2022/43xxx/CVE-2022-43021.json new file mode 100644 index 00000000000..60192bbce45 --- /dev/null +++ b/2022/43xxx/CVE-2022-43021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43022.json b/2022/43xxx/CVE-2022-43022.json new file mode 100644 index 00000000000..563c01c8843 --- /dev/null +++ b/2022/43xxx/CVE-2022-43022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43023.json b/2022/43xxx/CVE-2022-43023.json new file mode 100644 index 00000000000..6d1724d6920 --- /dev/null +++ b/2022/43xxx/CVE-2022-43023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43024.json b/2022/43xxx/CVE-2022-43024.json new file mode 100644 index 00000000000..b1d8a85ee80 --- /dev/null +++ b/2022/43xxx/CVE-2022-43024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43025.json b/2022/43xxx/CVE-2022-43025.json new file mode 100644 index 00000000000..6e7487e18b6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43026.json b/2022/43xxx/CVE-2022-43026.json new file mode 100644 index 00000000000..0dec532f1ce --- /dev/null +++ b/2022/43xxx/CVE-2022-43026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43027.json b/2022/43xxx/CVE-2022-43027.json new file mode 100644 index 00000000000..9ec910d8f12 --- /dev/null +++ b/2022/43xxx/CVE-2022-43027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43028.json b/2022/43xxx/CVE-2022-43028.json new file mode 100644 index 00000000000..90312eb6e41 --- /dev/null +++ b/2022/43xxx/CVE-2022-43028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43029.json b/2022/43xxx/CVE-2022-43029.json new file mode 100644 index 00000000000..05c88adb655 --- /dev/null +++ b/2022/43xxx/CVE-2022-43029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43030.json b/2022/43xxx/CVE-2022-43030.json new file mode 100644 index 00000000000..bf5e4cbf528 --- /dev/null +++ b/2022/43xxx/CVE-2022-43030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43031.json b/2022/43xxx/CVE-2022-43031.json new file mode 100644 index 00000000000..c569b6fe052 --- /dev/null +++ b/2022/43xxx/CVE-2022-43031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43032.json b/2022/43xxx/CVE-2022-43032.json new file mode 100644 index 00000000000..28c4bda71c6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43033.json b/2022/43xxx/CVE-2022-43033.json new file mode 100644 index 00000000000..86b2a077fb6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43034.json b/2022/43xxx/CVE-2022-43034.json new file mode 100644 index 00000000000..a937c4de1b2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43035.json b/2022/43xxx/CVE-2022-43035.json new file mode 100644 index 00000000000..e119be5385b --- /dev/null +++ b/2022/43xxx/CVE-2022-43035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43036.json b/2022/43xxx/CVE-2022-43036.json new file mode 100644 index 00000000000..7e47a721427 --- /dev/null +++ b/2022/43xxx/CVE-2022-43036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43037.json b/2022/43xxx/CVE-2022-43037.json new file mode 100644 index 00000000000..05c53c82def --- /dev/null +++ b/2022/43xxx/CVE-2022-43037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43038.json b/2022/43xxx/CVE-2022-43038.json new file mode 100644 index 00000000000..5bc604f6bcc --- /dev/null +++ b/2022/43xxx/CVE-2022-43038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43039.json b/2022/43xxx/CVE-2022-43039.json new file mode 100644 index 00000000000..ae01ed71b48 --- /dev/null +++ b/2022/43xxx/CVE-2022-43039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43040.json b/2022/43xxx/CVE-2022-43040.json new file mode 100644 index 00000000000..6fd633b508a --- /dev/null +++ b/2022/43xxx/CVE-2022-43040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43041.json b/2022/43xxx/CVE-2022-43041.json new file mode 100644 index 00000000000..786276d3599 --- /dev/null +++ b/2022/43xxx/CVE-2022-43041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43042.json b/2022/43xxx/CVE-2022-43042.json new file mode 100644 index 00000000000..e285ffbede5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43043.json b/2022/43xxx/CVE-2022-43043.json new file mode 100644 index 00000000000..35c3afc741a --- /dev/null +++ b/2022/43xxx/CVE-2022-43043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43044.json b/2022/43xxx/CVE-2022-43044.json new file mode 100644 index 00000000000..26edadf49b9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43045.json b/2022/43xxx/CVE-2022-43045.json new file mode 100644 index 00000000000..a7a79f28664 --- /dev/null +++ b/2022/43xxx/CVE-2022-43045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43046.json b/2022/43xxx/CVE-2022-43046.json new file mode 100644 index 00000000000..340352eb26c --- /dev/null +++ b/2022/43xxx/CVE-2022-43046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43047.json b/2022/43xxx/CVE-2022-43047.json new file mode 100644 index 00000000000..cd21ed8a9d8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43048.json b/2022/43xxx/CVE-2022-43048.json new file mode 100644 index 00000000000..e4c21fa8b15 --- /dev/null +++ b/2022/43xxx/CVE-2022-43048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43049.json b/2022/43xxx/CVE-2022-43049.json new file mode 100644 index 00000000000..5a310857e8d --- /dev/null +++ b/2022/43xxx/CVE-2022-43049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43050.json b/2022/43xxx/CVE-2022-43050.json new file mode 100644 index 00000000000..52b41a78376 --- /dev/null +++ b/2022/43xxx/CVE-2022-43050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43051.json b/2022/43xxx/CVE-2022-43051.json new file mode 100644 index 00000000000..6c9ef7dfd29 --- /dev/null +++ b/2022/43xxx/CVE-2022-43051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43052.json b/2022/43xxx/CVE-2022-43052.json new file mode 100644 index 00000000000..86b75d7bc9b --- /dev/null +++ b/2022/43xxx/CVE-2022-43052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43053.json b/2022/43xxx/CVE-2022-43053.json new file mode 100644 index 00000000000..99cdf16e8a1 --- /dev/null +++ b/2022/43xxx/CVE-2022-43053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43054.json b/2022/43xxx/CVE-2022-43054.json new file mode 100644 index 00000000000..fb0a466466b --- /dev/null +++ b/2022/43xxx/CVE-2022-43054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43055.json b/2022/43xxx/CVE-2022-43055.json new file mode 100644 index 00000000000..1cfbf91f54e --- /dev/null +++ b/2022/43xxx/CVE-2022-43055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43056.json b/2022/43xxx/CVE-2022-43056.json new file mode 100644 index 00000000000..aedb005f118 --- /dev/null +++ b/2022/43xxx/CVE-2022-43056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43057.json b/2022/43xxx/CVE-2022-43057.json new file mode 100644 index 00000000000..77b9c4d2c0c --- /dev/null +++ b/2022/43xxx/CVE-2022-43057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43058.json b/2022/43xxx/CVE-2022-43058.json new file mode 100644 index 00000000000..2b035a3a3a7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43059.json b/2022/43xxx/CVE-2022-43059.json new file mode 100644 index 00000000000..1e076eecf7b --- /dev/null +++ b/2022/43xxx/CVE-2022-43059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43060.json b/2022/43xxx/CVE-2022-43060.json new file mode 100644 index 00000000000..b1533b404a5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43061.json b/2022/43xxx/CVE-2022-43061.json new file mode 100644 index 00000000000..dad558d5325 --- /dev/null +++ b/2022/43xxx/CVE-2022-43061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43062.json b/2022/43xxx/CVE-2022-43062.json new file mode 100644 index 00000000000..f520c176779 --- /dev/null +++ b/2022/43xxx/CVE-2022-43062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43063.json b/2022/43xxx/CVE-2022-43063.json new file mode 100644 index 00000000000..bc845c159fd --- /dev/null +++ b/2022/43xxx/CVE-2022-43063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43064.json b/2022/43xxx/CVE-2022-43064.json new file mode 100644 index 00000000000..9f7fc8a71c3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43065.json b/2022/43xxx/CVE-2022-43065.json new file mode 100644 index 00000000000..7e1fb01ff3b --- /dev/null +++ b/2022/43xxx/CVE-2022-43065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43066.json b/2022/43xxx/CVE-2022-43066.json new file mode 100644 index 00000000000..6880bf2a49d --- /dev/null +++ b/2022/43xxx/CVE-2022-43066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43067.json b/2022/43xxx/CVE-2022-43067.json new file mode 100644 index 00000000000..0285a795e04 --- /dev/null +++ b/2022/43xxx/CVE-2022-43067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43068.json b/2022/43xxx/CVE-2022-43068.json new file mode 100644 index 00000000000..c2b177b3e48 --- /dev/null +++ b/2022/43xxx/CVE-2022-43068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43069.json b/2022/43xxx/CVE-2022-43069.json new file mode 100644 index 00000000000..2900aa554a5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43070.json b/2022/43xxx/CVE-2022-43070.json new file mode 100644 index 00000000000..41c46ddddd4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43071.json b/2022/43xxx/CVE-2022-43071.json new file mode 100644 index 00000000000..e14b379c2e2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43072.json b/2022/43xxx/CVE-2022-43072.json new file mode 100644 index 00000000000..ca45b05a01f --- /dev/null +++ b/2022/43xxx/CVE-2022-43072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43073.json b/2022/43xxx/CVE-2022-43073.json new file mode 100644 index 00000000000..2d584a30522 --- /dev/null +++ b/2022/43xxx/CVE-2022-43073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43074.json b/2022/43xxx/CVE-2022-43074.json new file mode 100644 index 00000000000..544f60f37ff --- /dev/null +++ b/2022/43xxx/CVE-2022-43074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43075.json b/2022/43xxx/CVE-2022-43075.json new file mode 100644 index 00000000000..83680447e28 --- /dev/null +++ b/2022/43xxx/CVE-2022-43075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43076.json b/2022/43xxx/CVE-2022-43076.json new file mode 100644 index 00000000000..c440841d0b0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43077.json b/2022/43xxx/CVE-2022-43077.json new file mode 100644 index 00000000000..f4c00d4fd1f --- /dev/null +++ b/2022/43xxx/CVE-2022-43077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43078.json b/2022/43xxx/CVE-2022-43078.json new file mode 100644 index 00000000000..e6b10f78ea5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43079.json b/2022/43xxx/CVE-2022-43079.json new file mode 100644 index 00000000000..b5b66e1c61d --- /dev/null +++ b/2022/43xxx/CVE-2022-43079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43080.json b/2022/43xxx/CVE-2022-43080.json new file mode 100644 index 00000000000..1569931b699 --- /dev/null +++ b/2022/43xxx/CVE-2022-43080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43081.json b/2022/43xxx/CVE-2022-43081.json new file mode 100644 index 00000000000..2dcd95c664f --- /dev/null +++ b/2022/43xxx/CVE-2022-43081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43082.json b/2022/43xxx/CVE-2022-43082.json new file mode 100644 index 00000000000..7598b45e9e5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43083.json b/2022/43xxx/CVE-2022-43083.json new file mode 100644 index 00000000000..6df93acb626 --- /dev/null +++ b/2022/43xxx/CVE-2022-43083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43084.json b/2022/43xxx/CVE-2022-43084.json new file mode 100644 index 00000000000..5b12aa369a6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43085.json b/2022/43xxx/CVE-2022-43085.json new file mode 100644 index 00000000000..cdd4a5a0913 --- /dev/null +++ b/2022/43xxx/CVE-2022-43085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43086.json b/2022/43xxx/CVE-2022-43086.json new file mode 100644 index 00000000000..8cca2e11b02 --- /dev/null +++ b/2022/43xxx/CVE-2022-43086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43087.json b/2022/43xxx/CVE-2022-43087.json new file mode 100644 index 00000000000..7bf2187b185 --- /dev/null +++ b/2022/43xxx/CVE-2022-43087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43088.json b/2022/43xxx/CVE-2022-43088.json new file mode 100644 index 00000000000..f50c186370a --- /dev/null +++ b/2022/43xxx/CVE-2022-43088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43089.json b/2022/43xxx/CVE-2022-43089.json new file mode 100644 index 00000000000..b8ef5352f38 --- /dev/null +++ b/2022/43xxx/CVE-2022-43089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43090.json b/2022/43xxx/CVE-2022-43090.json new file mode 100644 index 00000000000..436c75f4a8e --- /dev/null +++ b/2022/43xxx/CVE-2022-43090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43091.json b/2022/43xxx/CVE-2022-43091.json new file mode 100644 index 00000000000..29f9f427271 --- /dev/null +++ b/2022/43xxx/CVE-2022-43091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43092.json b/2022/43xxx/CVE-2022-43092.json new file mode 100644 index 00000000000..2a399b9482b --- /dev/null +++ b/2022/43xxx/CVE-2022-43092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43093.json b/2022/43xxx/CVE-2022-43093.json new file mode 100644 index 00000000000..774d8eae42b --- /dev/null +++ b/2022/43xxx/CVE-2022-43093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43094.json b/2022/43xxx/CVE-2022-43094.json new file mode 100644 index 00000000000..6e329eeb351 --- /dev/null +++ b/2022/43xxx/CVE-2022-43094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43095.json b/2022/43xxx/CVE-2022-43095.json new file mode 100644 index 00000000000..0aa0b544877 --- /dev/null +++ b/2022/43xxx/CVE-2022-43095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43096.json b/2022/43xxx/CVE-2022-43096.json new file mode 100644 index 00000000000..5bdf4f6100e --- /dev/null +++ b/2022/43xxx/CVE-2022-43096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43097.json b/2022/43xxx/CVE-2022-43097.json new file mode 100644 index 00000000000..362a2923048 --- /dev/null +++ b/2022/43xxx/CVE-2022-43097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43098.json b/2022/43xxx/CVE-2022-43098.json new file mode 100644 index 00000000000..3a561a62c84 --- /dev/null +++ b/2022/43xxx/CVE-2022-43098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43099.json b/2022/43xxx/CVE-2022-43099.json new file mode 100644 index 00000000000..621c99725e0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43100.json b/2022/43xxx/CVE-2022-43100.json new file mode 100644 index 00000000000..7bd666d701f --- /dev/null +++ b/2022/43xxx/CVE-2022-43100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43101.json b/2022/43xxx/CVE-2022-43101.json new file mode 100644 index 00000000000..a626a3a7602 --- /dev/null +++ b/2022/43xxx/CVE-2022-43101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43102.json b/2022/43xxx/CVE-2022-43102.json new file mode 100644 index 00000000000..b28a916d272 --- /dev/null +++ b/2022/43xxx/CVE-2022-43102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43103.json b/2022/43xxx/CVE-2022-43103.json new file mode 100644 index 00000000000..e690b9b7dc3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43104.json b/2022/43xxx/CVE-2022-43104.json new file mode 100644 index 00000000000..597cb521df3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43105.json b/2022/43xxx/CVE-2022-43105.json new file mode 100644 index 00000000000..9baa5bbd0bb --- /dev/null +++ b/2022/43xxx/CVE-2022-43105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43106.json b/2022/43xxx/CVE-2022-43106.json new file mode 100644 index 00000000000..043a31ddf91 --- /dev/null +++ b/2022/43xxx/CVE-2022-43106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43107.json b/2022/43xxx/CVE-2022-43107.json new file mode 100644 index 00000000000..3835ac64311 --- /dev/null +++ b/2022/43xxx/CVE-2022-43107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43108.json b/2022/43xxx/CVE-2022-43108.json new file mode 100644 index 00000000000..1dd9be6ea7a --- /dev/null +++ b/2022/43xxx/CVE-2022-43108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43109.json b/2022/43xxx/CVE-2022-43109.json new file mode 100644 index 00000000000..dbef93198aa --- /dev/null +++ b/2022/43xxx/CVE-2022-43109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43110.json b/2022/43xxx/CVE-2022-43110.json new file mode 100644 index 00000000000..602a4c100aa --- /dev/null +++ b/2022/43xxx/CVE-2022-43110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43111.json b/2022/43xxx/CVE-2022-43111.json new file mode 100644 index 00000000000..224000f516f --- /dev/null +++ b/2022/43xxx/CVE-2022-43111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43112.json b/2022/43xxx/CVE-2022-43112.json new file mode 100644 index 00000000000..6393e112e5d --- /dev/null +++ b/2022/43xxx/CVE-2022-43112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43113.json b/2022/43xxx/CVE-2022-43113.json new file mode 100644 index 00000000000..a32d6e3d4b0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43114.json b/2022/43xxx/CVE-2022-43114.json new file mode 100644 index 00000000000..adde6a243b6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43115.json b/2022/43xxx/CVE-2022-43115.json new file mode 100644 index 00000000000..d1f3e5babdf --- /dev/null +++ b/2022/43xxx/CVE-2022-43115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43116.json b/2022/43xxx/CVE-2022-43116.json new file mode 100644 index 00000000000..427593b4cbe --- /dev/null +++ b/2022/43xxx/CVE-2022-43116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43117.json b/2022/43xxx/CVE-2022-43117.json new file mode 100644 index 00000000000..14fb233f5d9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43118.json b/2022/43xxx/CVE-2022-43118.json new file mode 100644 index 00000000000..8ea589c527d --- /dev/null +++ b/2022/43xxx/CVE-2022-43118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43119.json b/2022/43xxx/CVE-2022-43119.json new file mode 100644 index 00000000000..1515766723d --- /dev/null +++ b/2022/43xxx/CVE-2022-43119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43120.json b/2022/43xxx/CVE-2022-43120.json new file mode 100644 index 00000000000..bbfa1730ac7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43121.json b/2022/43xxx/CVE-2022-43121.json new file mode 100644 index 00000000000..d2f40a37940 --- /dev/null +++ b/2022/43xxx/CVE-2022-43121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43122.json b/2022/43xxx/CVE-2022-43122.json new file mode 100644 index 00000000000..502b9d66a61 --- /dev/null +++ b/2022/43xxx/CVE-2022-43122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43123.json b/2022/43xxx/CVE-2022-43123.json new file mode 100644 index 00000000000..d76c4017bbe --- /dev/null +++ b/2022/43xxx/CVE-2022-43123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43124.json b/2022/43xxx/CVE-2022-43124.json new file mode 100644 index 00000000000..40b6b34764d --- /dev/null +++ b/2022/43xxx/CVE-2022-43124.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43125.json b/2022/43xxx/CVE-2022-43125.json new file mode 100644 index 00000000000..e758caf7aeb --- /dev/null +++ b/2022/43xxx/CVE-2022-43125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43126.json b/2022/43xxx/CVE-2022-43126.json new file mode 100644 index 00000000000..600770b4a66 --- /dev/null +++ b/2022/43xxx/CVE-2022-43126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43127.json b/2022/43xxx/CVE-2022-43127.json new file mode 100644 index 00000000000..02fe1671a8d --- /dev/null +++ b/2022/43xxx/CVE-2022-43127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43128.json b/2022/43xxx/CVE-2022-43128.json new file mode 100644 index 00000000000..42c03ec9643 --- /dev/null +++ b/2022/43xxx/CVE-2022-43128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43129.json b/2022/43xxx/CVE-2022-43129.json new file mode 100644 index 00000000000..612ecc4ed49 --- /dev/null +++ b/2022/43xxx/CVE-2022-43129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43130.json b/2022/43xxx/CVE-2022-43130.json new file mode 100644 index 00000000000..89c5a7231e8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43131.json b/2022/43xxx/CVE-2022-43131.json new file mode 100644 index 00000000000..29ed67568ff --- /dev/null +++ b/2022/43xxx/CVE-2022-43131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43132.json b/2022/43xxx/CVE-2022-43132.json new file mode 100644 index 00000000000..e181c5044d7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43133.json b/2022/43xxx/CVE-2022-43133.json new file mode 100644 index 00000000000..ecd9595d6d8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43133.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43134.json b/2022/43xxx/CVE-2022-43134.json new file mode 100644 index 00000000000..c92227e7d3f --- /dev/null +++ b/2022/43xxx/CVE-2022-43134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43135.json b/2022/43xxx/CVE-2022-43135.json new file mode 100644 index 00000000000..8d1428fe6c9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43136.json b/2022/43xxx/CVE-2022-43136.json new file mode 100644 index 00000000000..e0ce9bada0c --- /dev/null +++ b/2022/43xxx/CVE-2022-43136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43137.json b/2022/43xxx/CVE-2022-43137.json new file mode 100644 index 00000000000..bf92fcc9778 --- /dev/null +++ b/2022/43xxx/CVE-2022-43137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43138.json b/2022/43xxx/CVE-2022-43138.json new file mode 100644 index 00000000000..90294aadea8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43139.json b/2022/43xxx/CVE-2022-43139.json new file mode 100644 index 00000000000..19a1d3d4ecf --- /dev/null +++ b/2022/43xxx/CVE-2022-43139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43140.json b/2022/43xxx/CVE-2022-43140.json new file mode 100644 index 00000000000..4c35d6e49c4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43141.json b/2022/43xxx/CVE-2022-43141.json new file mode 100644 index 00000000000..c9ec6447dd5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43142.json b/2022/43xxx/CVE-2022-43142.json new file mode 100644 index 00000000000..1dfca9cae68 --- /dev/null +++ b/2022/43xxx/CVE-2022-43142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43143.json b/2022/43xxx/CVE-2022-43143.json new file mode 100644 index 00000000000..f9471ee1124 --- /dev/null +++ b/2022/43xxx/CVE-2022-43143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43144.json b/2022/43xxx/CVE-2022-43144.json new file mode 100644 index 00000000000..7f9eca39734 --- /dev/null +++ b/2022/43xxx/CVE-2022-43144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43145.json b/2022/43xxx/CVE-2022-43145.json new file mode 100644 index 00000000000..d905abdfa58 --- /dev/null +++ b/2022/43xxx/CVE-2022-43145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43146.json b/2022/43xxx/CVE-2022-43146.json new file mode 100644 index 00000000000..1aa978a05ea --- /dev/null +++ b/2022/43xxx/CVE-2022-43146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43147.json b/2022/43xxx/CVE-2022-43147.json new file mode 100644 index 00000000000..4768bda6225 --- /dev/null +++ b/2022/43xxx/CVE-2022-43147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43148.json b/2022/43xxx/CVE-2022-43148.json new file mode 100644 index 00000000000..60dba9c6af2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43149.json b/2022/43xxx/CVE-2022-43149.json new file mode 100644 index 00000000000..f0665f5c4f9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43150.json b/2022/43xxx/CVE-2022-43150.json new file mode 100644 index 00000000000..b3c5bf12d58 --- /dev/null +++ b/2022/43xxx/CVE-2022-43150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43151.json b/2022/43xxx/CVE-2022-43151.json new file mode 100644 index 00000000000..fc3a22e0028 --- /dev/null +++ b/2022/43xxx/CVE-2022-43151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43152.json b/2022/43xxx/CVE-2022-43152.json new file mode 100644 index 00000000000..d781feb6af0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43153.json b/2022/43xxx/CVE-2022-43153.json new file mode 100644 index 00000000000..331522cfa4a --- /dev/null +++ b/2022/43xxx/CVE-2022-43153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43154.json b/2022/43xxx/CVE-2022-43154.json new file mode 100644 index 00000000000..f5a53e8bbcb --- /dev/null +++ b/2022/43xxx/CVE-2022-43154.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43155.json b/2022/43xxx/CVE-2022-43155.json new file mode 100644 index 00000000000..562e71d1cee --- /dev/null +++ b/2022/43xxx/CVE-2022-43155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43156.json b/2022/43xxx/CVE-2022-43156.json new file mode 100644 index 00000000000..3fc1cc3cdce --- /dev/null +++ b/2022/43xxx/CVE-2022-43156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43157.json b/2022/43xxx/CVE-2022-43157.json new file mode 100644 index 00000000000..69a454775cb --- /dev/null +++ b/2022/43xxx/CVE-2022-43157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43158.json b/2022/43xxx/CVE-2022-43158.json new file mode 100644 index 00000000000..d863d79d45d --- /dev/null +++ b/2022/43xxx/CVE-2022-43158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43159.json b/2022/43xxx/CVE-2022-43159.json new file mode 100644 index 00000000000..b5ffaf174cc --- /dev/null +++ b/2022/43xxx/CVE-2022-43159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43160.json b/2022/43xxx/CVE-2022-43160.json new file mode 100644 index 00000000000..d13283a6a83 --- /dev/null +++ b/2022/43xxx/CVE-2022-43160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43161.json b/2022/43xxx/CVE-2022-43161.json new file mode 100644 index 00000000000..a51cf0f428c --- /dev/null +++ b/2022/43xxx/CVE-2022-43161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43162.json b/2022/43xxx/CVE-2022-43162.json new file mode 100644 index 00000000000..ae91fd2a875 --- /dev/null +++ b/2022/43xxx/CVE-2022-43162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43163.json b/2022/43xxx/CVE-2022-43163.json new file mode 100644 index 00000000000..431cf33424e --- /dev/null +++ b/2022/43xxx/CVE-2022-43163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43164.json b/2022/43xxx/CVE-2022-43164.json new file mode 100644 index 00000000000..0596560f213 --- /dev/null +++ b/2022/43xxx/CVE-2022-43164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43165.json b/2022/43xxx/CVE-2022-43165.json new file mode 100644 index 00000000000..a31392cb22c --- /dev/null +++ b/2022/43xxx/CVE-2022-43165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43166.json b/2022/43xxx/CVE-2022-43166.json new file mode 100644 index 00000000000..d4ea9085ea2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43167.json b/2022/43xxx/CVE-2022-43167.json new file mode 100644 index 00000000000..05fd17ba9b7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43168.json b/2022/43xxx/CVE-2022-43168.json new file mode 100644 index 00000000000..e777e3bd6bb --- /dev/null +++ b/2022/43xxx/CVE-2022-43168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43169.json b/2022/43xxx/CVE-2022-43169.json new file mode 100644 index 00000000000..5856cf611c4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43170.json b/2022/43xxx/CVE-2022-43170.json new file mode 100644 index 00000000000..7fd2f08e9b6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43171.json b/2022/43xxx/CVE-2022-43171.json new file mode 100644 index 00000000000..3c1285b91d2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43172.json b/2022/43xxx/CVE-2022-43172.json new file mode 100644 index 00000000000..7d1702a1b2b --- /dev/null +++ b/2022/43xxx/CVE-2022-43172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43173.json b/2022/43xxx/CVE-2022-43173.json new file mode 100644 index 00000000000..56d2d4295e6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43174.json b/2022/43xxx/CVE-2022-43174.json new file mode 100644 index 00000000000..1bd28426021 --- /dev/null +++ b/2022/43xxx/CVE-2022-43174.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43175.json b/2022/43xxx/CVE-2022-43175.json new file mode 100644 index 00000000000..44e83564e13 --- /dev/null +++ b/2022/43xxx/CVE-2022-43175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43176.json b/2022/43xxx/CVE-2022-43176.json new file mode 100644 index 00000000000..b9b2a074128 --- /dev/null +++ b/2022/43xxx/CVE-2022-43176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43177.json b/2022/43xxx/CVE-2022-43177.json new file mode 100644 index 00000000000..a39e2607f6e --- /dev/null +++ b/2022/43xxx/CVE-2022-43177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43178.json b/2022/43xxx/CVE-2022-43178.json new file mode 100644 index 00000000000..0aca5760c90 --- /dev/null +++ b/2022/43xxx/CVE-2022-43178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43179.json b/2022/43xxx/CVE-2022-43179.json new file mode 100644 index 00000000000..b8a2ecff3a7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43180.json b/2022/43xxx/CVE-2022-43180.json new file mode 100644 index 00000000000..49685cf4d58 --- /dev/null +++ b/2022/43xxx/CVE-2022-43180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43181.json b/2022/43xxx/CVE-2022-43181.json new file mode 100644 index 00000000000..fe55e1b77bf --- /dev/null +++ b/2022/43xxx/CVE-2022-43181.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43182.json b/2022/43xxx/CVE-2022-43182.json new file mode 100644 index 00000000000..e98e61256e4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43183.json b/2022/43xxx/CVE-2022-43183.json new file mode 100644 index 00000000000..c6f6288128b --- /dev/null +++ b/2022/43xxx/CVE-2022-43183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43184.json b/2022/43xxx/CVE-2022-43184.json new file mode 100644 index 00000000000..27b1eb03186 --- /dev/null +++ b/2022/43xxx/CVE-2022-43184.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43185.json b/2022/43xxx/CVE-2022-43185.json new file mode 100644 index 00000000000..b2b7eda775c --- /dev/null +++ b/2022/43xxx/CVE-2022-43185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43186.json b/2022/43xxx/CVE-2022-43186.json new file mode 100644 index 00000000000..22f61d04fee --- /dev/null +++ b/2022/43xxx/CVE-2022-43186.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43187.json b/2022/43xxx/CVE-2022-43187.json new file mode 100644 index 00000000000..310a23944a0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43188.json b/2022/43xxx/CVE-2022-43188.json new file mode 100644 index 00000000000..60f236a3fc1 --- /dev/null +++ b/2022/43xxx/CVE-2022-43188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43189.json b/2022/43xxx/CVE-2022-43189.json new file mode 100644 index 00000000000..7dd06736dbf --- /dev/null +++ b/2022/43xxx/CVE-2022-43189.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43190.json b/2022/43xxx/CVE-2022-43190.json new file mode 100644 index 00000000000..19247e44f79 --- /dev/null +++ b/2022/43xxx/CVE-2022-43190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43191.json b/2022/43xxx/CVE-2022-43191.json new file mode 100644 index 00000000000..2ca9f798c9d --- /dev/null +++ b/2022/43xxx/CVE-2022-43191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43192.json b/2022/43xxx/CVE-2022-43192.json new file mode 100644 index 00000000000..8795f3c5ee0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43193.json b/2022/43xxx/CVE-2022-43193.json new file mode 100644 index 00000000000..3da8fd86210 --- /dev/null +++ b/2022/43xxx/CVE-2022-43193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43194.json b/2022/43xxx/CVE-2022-43194.json new file mode 100644 index 00000000000..9c230fe3c11 --- /dev/null +++ b/2022/43xxx/CVE-2022-43194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43195.json b/2022/43xxx/CVE-2022-43195.json new file mode 100644 index 00000000000..7c6e4fb6cb7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43196.json b/2022/43xxx/CVE-2022-43196.json new file mode 100644 index 00000000000..9d1267104a9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43197.json b/2022/43xxx/CVE-2022-43197.json new file mode 100644 index 00000000000..fe7b6fd1133 --- /dev/null +++ b/2022/43xxx/CVE-2022-43197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43198.json b/2022/43xxx/CVE-2022-43198.json new file mode 100644 index 00000000000..a01730f2df8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43199.json b/2022/43xxx/CVE-2022-43199.json new file mode 100644 index 00000000000..15bdcc90b40 --- /dev/null +++ b/2022/43xxx/CVE-2022-43199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43200.json b/2022/43xxx/CVE-2022-43200.json new file mode 100644 index 00000000000..e4c1432614e --- /dev/null +++ b/2022/43xxx/CVE-2022-43200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43201.json b/2022/43xxx/CVE-2022-43201.json new file mode 100644 index 00000000000..cebe4fa52d7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43202.json b/2022/43xxx/CVE-2022-43202.json new file mode 100644 index 00000000000..a10344f67b5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43203.json b/2022/43xxx/CVE-2022-43203.json new file mode 100644 index 00000000000..d311c83a5c9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43204.json b/2022/43xxx/CVE-2022-43204.json new file mode 100644 index 00000000000..3ccfdc49c05 --- /dev/null +++ b/2022/43xxx/CVE-2022-43204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43205.json b/2022/43xxx/CVE-2022-43205.json new file mode 100644 index 00000000000..5f3b4bba399 --- /dev/null +++ b/2022/43xxx/CVE-2022-43205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43206.json b/2022/43xxx/CVE-2022-43206.json new file mode 100644 index 00000000000..f14d875e668 --- /dev/null +++ b/2022/43xxx/CVE-2022-43206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43207.json b/2022/43xxx/CVE-2022-43207.json new file mode 100644 index 00000000000..0d12d246614 --- /dev/null +++ b/2022/43xxx/CVE-2022-43207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43208.json b/2022/43xxx/CVE-2022-43208.json new file mode 100644 index 00000000000..98f4899bffe --- /dev/null +++ b/2022/43xxx/CVE-2022-43208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43209.json b/2022/43xxx/CVE-2022-43209.json new file mode 100644 index 00000000000..179eb54532f --- /dev/null +++ b/2022/43xxx/CVE-2022-43209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43210.json b/2022/43xxx/CVE-2022-43210.json new file mode 100644 index 00000000000..86a91ef13dc --- /dev/null +++ b/2022/43xxx/CVE-2022-43210.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43210", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43211.json b/2022/43xxx/CVE-2022-43211.json new file mode 100644 index 00000000000..d75bcbaf455 --- /dev/null +++ b/2022/43xxx/CVE-2022-43211.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43211", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43212.json b/2022/43xxx/CVE-2022-43212.json new file mode 100644 index 00000000000..288d9b951df --- /dev/null +++ b/2022/43xxx/CVE-2022-43212.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43212", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43213.json b/2022/43xxx/CVE-2022-43213.json new file mode 100644 index 00000000000..cd149103ddd --- /dev/null +++ b/2022/43xxx/CVE-2022-43213.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43213", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43214.json b/2022/43xxx/CVE-2022-43214.json new file mode 100644 index 00000000000..f3a249a82e6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43215.json b/2022/43xxx/CVE-2022-43215.json new file mode 100644 index 00000000000..aba64c5cc42 --- /dev/null +++ b/2022/43xxx/CVE-2022-43215.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43215", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43216.json b/2022/43xxx/CVE-2022-43216.json new file mode 100644 index 00000000000..dff4136ee48 --- /dev/null +++ b/2022/43xxx/CVE-2022-43216.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43217.json b/2022/43xxx/CVE-2022-43217.json new file mode 100644 index 00000000000..fb997b88940 --- /dev/null +++ b/2022/43xxx/CVE-2022-43217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43218.json b/2022/43xxx/CVE-2022-43218.json new file mode 100644 index 00000000000..21391e10c09 --- /dev/null +++ b/2022/43xxx/CVE-2022-43218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43219.json b/2022/43xxx/CVE-2022-43219.json new file mode 100644 index 00000000000..2be680b8988 --- /dev/null +++ b/2022/43xxx/CVE-2022-43219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43220.json b/2022/43xxx/CVE-2022-43220.json new file mode 100644 index 00000000000..2b0cb06f361 --- /dev/null +++ b/2022/43xxx/CVE-2022-43220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43221.json b/2022/43xxx/CVE-2022-43221.json new file mode 100644 index 00000000000..bdd2008ccd1 --- /dev/null +++ b/2022/43xxx/CVE-2022-43221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43222.json b/2022/43xxx/CVE-2022-43222.json new file mode 100644 index 00000000000..cffeeedaa1a --- /dev/null +++ b/2022/43xxx/CVE-2022-43222.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43222", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43223.json b/2022/43xxx/CVE-2022-43223.json new file mode 100644 index 00000000000..104dd8f94c4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43224.json b/2022/43xxx/CVE-2022-43224.json new file mode 100644 index 00000000000..b5997054c3b --- /dev/null +++ b/2022/43xxx/CVE-2022-43224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43225.json b/2022/43xxx/CVE-2022-43225.json new file mode 100644 index 00000000000..ee20e117135 --- /dev/null +++ b/2022/43xxx/CVE-2022-43225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43226.json b/2022/43xxx/CVE-2022-43226.json new file mode 100644 index 00000000000..61ed19fae69 --- /dev/null +++ b/2022/43xxx/CVE-2022-43226.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43226", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43227.json b/2022/43xxx/CVE-2022-43227.json new file mode 100644 index 00000000000..e985acba855 --- /dev/null +++ b/2022/43xxx/CVE-2022-43227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43228.json b/2022/43xxx/CVE-2022-43228.json new file mode 100644 index 00000000000..73e6b9bf24d --- /dev/null +++ b/2022/43xxx/CVE-2022-43228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43229.json b/2022/43xxx/CVE-2022-43229.json new file mode 100644 index 00000000000..365d4aa34ac --- /dev/null +++ b/2022/43xxx/CVE-2022-43229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43230.json b/2022/43xxx/CVE-2022-43230.json new file mode 100644 index 00000000000..821f3968f48 --- /dev/null +++ b/2022/43xxx/CVE-2022-43230.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43231.json b/2022/43xxx/CVE-2022-43231.json new file mode 100644 index 00000000000..563e4426c06 --- /dev/null +++ b/2022/43xxx/CVE-2022-43231.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43231", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43232.json b/2022/43xxx/CVE-2022-43232.json new file mode 100644 index 00000000000..e791870305e --- /dev/null +++ b/2022/43xxx/CVE-2022-43232.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43232", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43233.json b/2022/43xxx/CVE-2022-43233.json new file mode 100644 index 00000000000..4a440c0c83b --- /dev/null +++ b/2022/43xxx/CVE-2022-43233.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43233", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43234.json b/2022/43xxx/CVE-2022-43234.json new file mode 100644 index 00000000000..dea662e6b73 --- /dev/null +++ b/2022/43xxx/CVE-2022-43234.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43235.json b/2022/43xxx/CVE-2022-43235.json new file mode 100644 index 00000000000..541c2a81a86 --- /dev/null +++ b/2022/43xxx/CVE-2022-43235.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43236.json b/2022/43xxx/CVE-2022-43236.json new file mode 100644 index 00000000000..d559c55353c --- /dev/null +++ b/2022/43xxx/CVE-2022-43236.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43236", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43237.json b/2022/43xxx/CVE-2022-43237.json new file mode 100644 index 00000000000..e079b4e683e --- /dev/null +++ b/2022/43xxx/CVE-2022-43237.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43237", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43238.json b/2022/43xxx/CVE-2022-43238.json new file mode 100644 index 00000000000..0ed6cc16107 --- /dev/null +++ b/2022/43xxx/CVE-2022-43238.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43238", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43239.json b/2022/43xxx/CVE-2022-43239.json new file mode 100644 index 00000000000..874125a9ea0 --- /dev/null +++ b/2022/43xxx/CVE-2022-43239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43240.json b/2022/43xxx/CVE-2022-43240.json new file mode 100644 index 00000000000..2d5e08b31cd --- /dev/null +++ b/2022/43xxx/CVE-2022-43240.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43240", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43241.json b/2022/43xxx/CVE-2022-43241.json new file mode 100644 index 00000000000..c1459767667 --- /dev/null +++ b/2022/43xxx/CVE-2022-43241.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43241", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43242.json b/2022/43xxx/CVE-2022-43242.json new file mode 100644 index 00000000000..1988c57668d --- /dev/null +++ b/2022/43xxx/CVE-2022-43242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43243.json b/2022/43xxx/CVE-2022-43243.json new file mode 100644 index 00000000000..ba864290352 --- /dev/null +++ b/2022/43xxx/CVE-2022-43243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43244.json b/2022/43xxx/CVE-2022-43244.json new file mode 100644 index 00000000000..6e16d0b5896 --- /dev/null +++ b/2022/43xxx/CVE-2022-43244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43245.json b/2022/43xxx/CVE-2022-43245.json new file mode 100644 index 00000000000..a5399146343 --- /dev/null +++ b/2022/43xxx/CVE-2022-43245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43246.json b/2022/43xxx/CVE-2022-43246.json new file mode 100644 index 00000000000..3e633ffbfad --- /dev/null +++ b/2022/43xxx/CVE-2022-43246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43247.json b/2022/43xxx/CVE-2022-43247.json new file mode 100644 index 00000000000..49a487912ae --- /dev/null +++ b/2022/43xxx/CVE-2022-43247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43248.json b/2022/43xxx/CVE-2022-43248.json new file mode 100644 index 00000000000..f748fc6f3eb --- /dev/null +++ b/2022/43xxx/CVE-2022-43248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43249.json b/2022/43xxx/CVE-2022-43249.json new file mode 100644 index 00000000000..8f9005ab0bd --- /dev/null +++ b/2022/43xxx/CVE-2022-43249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43250.json b/2022/43xxx/CVE-2022-43250.json new file mode 100644 index 00000000000..92e2a3dec2b --- /dev/null +++ b/2022/43xxx/CVE-2022-43250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43251.json b/2022/43xxx/CVE-2022-43251.json new file mode 100644 index 00000000000..50fdff99549 --- /dev/null +++ b/2022/43xxx/CVE-2022-43251.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43251", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43252.json b/2022/43xxx/CVE-2022-43252.json new file mode 100644 index 00000000000..ed00aff3d49 --- /dev/null +++ b/2022/43xxx/CVE-2022-43252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43253.json b/2022/43xxx/CVE-2022-43253.json new file mode 100644 index 00000000000..4ba0adaab43 --- /dev/null +++ b/2022/43xxx/CVE-2022-43253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43254.json b/2022/43xxx/CVE-2022-43254.json new file mode 100644 index 00000000000..37f3458ce2c --- /dev/null +++ b/2022/43xxx/CVE-2022-43254.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43254", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43255.json b/2022/43xxx/CVE-2022-43255.json new file mode 100644 index 00000000000..b1bd35a49ff --- /dev/null +++ b/2022/43xxx/CVE-2022-43255.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43256.json b/2022/43xxx/CVE-2022-43256.json new file mode 100644 index 00000000000..e3a260daeda --- /dev/null +++ b/2022/43xxx/CVE-2022-43256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43257.json b/2022/43xxx/CVE-2022-43257.json new file mode 100644 index 00000000000..f6ba04dcd97 --- /dev/null +++ b/2022/43xxx/CVE-2022-43257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43258.json b/2022/43xxx/CVE-2022-43258.json new file mode 100644 index 00000000000..10aa040112a --- /dev/null +++ b/2022/43xxx/CVE-2022-43258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43259.json b/2022/43xxx/CVE-2022-43259.json new file mode 100644 index 00000000000..728075a5781 --- /dev/null +++ b/2022/43xxx/CVE-2022-43259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43260.json b/2022/43xxx/CVE-2022-43260.json new file mode 100644 index 00000000000..c5f7b93773e --- /dev/null +++ b/2022/43xxx/CVE-2022-43260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43261.json b/2022/43xxx/CVE-2022-43261.json new file mode 100644 index 00000000000..c353e33b706 --- /dev/null +++ b/2022/43xxx/CVE-2022-43261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43262.json b/2022/43xxx/CVE-2022-43262.json new file mode 100644 index 00000000000..e7d8680aa09 --- /dev/null +++ b/2022/43xxx/CVE-2022-43262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43263.json b/2022/43xxx/CVE-2022-43263.json new file mode 100644 index 00000000000..7576d833d62 --- /dev/null +++ b/2022/43xxx/CVE-2022-43263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43264.json b/2022/43xxx/CVE-2022-43264.json new file mode 100644 index 00000000000..761afbfe3bd --- /dev/null +++ b/2022/43xxx/CVE-2022-43264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43265.json b/2022/43xxx/CVE-2022-43265.json new file mode 100644 index 00000000000..3017de55bab --- /dev/null +++ b/2022/43xxx/CVE-2022-43265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43266.json b/2022/43xxx/CVE-2022-43266.json new file mode 100644 index 00000000000..459a36149f9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43267.json b/2022/43xxx/CVE-2022-43267.json new file mode 100644 index 00000000000..32f967d172f --- /dev/null +++ b/2022/43xxx/CVE-2022-43267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43268.json b/2022/43xxx/CVE-2022-43268.json new file mode 100644 index 00000000000..65948ede608 --- /dev/null +++ b/2022/43xxx/CVE-2022-43268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43269.json b/2022/43xxx/CVE-2022-43269.json new file mode 100644 index 00000000000..833d594091a --- /dev/null +++ b/2022/43xxx/CVE-2022-43269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43270.json b/2022/43xxx/CVE-2022-43270.json new file mode 100644 index 00000000000..80a8ad38449 --- /dev/null +++ b/2022/43xxx/CVE-2022-43270.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43271.json b/2022/43xxx/CVE-2022-43271.json new file mode 100644 index 00000000000..e120bd8f90d --- /dev/null +++ b/2022/43xxx/CVE-2022-43271.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43271", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43272.json b/2022/43xxx/CVE-2022-43272.json new file mode 100644 index 00000000000..8a91e8d38c6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43272.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43273.json b/2022/43xxx/CVE-2022-43273.json new file mode 100644 index 00000000000..24ef9141faa --- /dev/null +++ b/2022/43xxx/CVE-2022-43273.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43273", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43274.json b/2022/43xxx/CVE-2022-43274.json new file mode 100644 index 00000000000..796f8261583 --- /dev/null +++ b/2022/43xxx/CVE-2022-43274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43275.json b/2022/43xxx/CVE-2022-43275.json new file mode 100644 index 00000000000..69dccde196c --- /dev/null +++ b/2022/43xxx/CVE-2022-43275.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43276.json b/2022/43xxx/CVE-2022-43276.json new file mode 100644 index 00000000000..ee5dfbcb747 --- /dev/null +++ b/2022/43xxx/CVE-2022-43276.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43276", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43277.json b/2022/43xxx/CVE-2022-43277.json new file mode 100644 index 00000000000..b38b39bf773 --- /dev/null +++ b/2022/43xxx/CVE-2022-43277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43278.json b/2022/43xxx/CVE-2022-43278.json new file mode 100644 index 00000000000..3276094017a --- /dev/null +++ b/2022/43xxx/CVE-2022-43278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43279.json b/2022/43xxx/CVE-2022-43279.json new file mode 100644 index 00000000000..e0d53a2c070 --- /dev/null +++ b/2022/43xxx/CVE-2022-43279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43280.json b/2022/43xxx/CVE-2022-43280.json new file mode 100644 index 00000000000..02509895c85 --- /dev/null +++ b/2022/43xxx/CVE-2022-43280.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43281.json b/2022/43xxx/CVE-2022-43281.json new file mode 100644 index 00000000000..0fd00b982ae --- /dev/null +++ b/2022/43xxx/CVE-2022-43281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43282.json b/2022/43xxx/CVE-2022-43282.json new file mode 100644 index 00000000000..1deb3dd5bb7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43283.json b/2022/43xxx/CVE-2022-43283.json new file mode 100644 index 00000000000..666266c9dd3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43284.json b/2022/43xxx/CVE-2022-43284.json new file mode 100644 index 00000000000..3eddd37c829 --- /dev/null +++ b/2022/43xxx/CVE-2022-43284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43285.json b/2022/43xxx/CVE-2022-43285.json new file mode 100644 index 00000000000..16160dc4d19 --- /dev/null +++ b/2022/43xxx/CVE-2022-43285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43286.json b/2022/43xxx/CVE-2022-43286.json new file mode 100644 index 00000000000..a8f2eac1be4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43287.json b/2022/43xxx/CVE-2022-43287.json new file mode 100644 index 00000000000..eba6888cd87 --- /dev/null +++ b/2022/43xxx/CVE-2022-43287.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43288.json b/2022/43xxx/CVE-2022-43288.json new file mode 100644 index 00000000000..b7e5f941840 --- /dev/null +++ b/2022/43xxx/CVE-2022-43288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43289.json b/2022/43xxx/CVE-2022-43289.json new file mode 100644 index 00000000000..561d0ec8373 --- /dev/null +++ b/2022/43xxx/CVE-2022-43289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43290.json b/2022/43xxx/CVE-2022-43290.json new file mode 100644 index 00000000000..da92a1780b9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43291.json b/2022/43xxx/CVE-2022-43291.json new file mode 100644 index 00000000000..9bb431029ba --- /dev/null +++ b/2022/43xxx/CVE-2022-43291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43292.json b/2022/43xxx/CVE-2022-43292.json new file mode 100644 index 00000000000..b506b0abe77 --- /dev/null +++ b/2022/43xxx/CVE-2022-43292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43293.json b/2022/43xxx/CVE-2022-43293.json new file mode 100644 index 00000000000..c398550c8df --- /dev/null +++ b/2022/43xxx/CVE-2022-43293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43294.json b/2022/43xxx/CVE-2022-43294.json new file mode 100644 index 00000000000..7f8a4c3de3a --- /dev/null +++ b/2022/43xxx/CVE-2022-43294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43295.json b/2022/43xxx/CVE-2022-43295.json new file mode 100644 index 00000000000..3ca54e5a5ba --- /dev/null +++ b/2022/43xxx/CVE-2022-43295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43296.json b/2022/43xxx/CVE-2022-43296.json new file mode 100644 index 00000000000..c90ec7cfe16 --- /dev/null +++ b/2022/43xxx/CVE-2022-43296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43297.json b/2022/43xxx/CVE-2022-43297.json new file mode 100644 index 00000000000..e24097c42c2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43298.json b/2022/43xxx/CVE-2022-43298.json new file mode 100644 index 00000000000..aeae0dc5a84 --- /dev/null +++ b/2022/43xxx/CVE-2022-43298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43299.json b/2022/43xxx/CVE-2022-43299.json new file mode 100644 index 00000000000..e72c088de37 --- /dev/null +++ b/2022/43xxx/CVE-2022-43299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43300.json b/2022/43xxx/CVE-2022-43300.json new file mode 100644 index 00000000000..bc8a76ee493 --- /dev/null +++ b/2022/43xxx/CVE-2022-43300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43301.json b/2022/43xxx/CVE-2022-43301.json new file mode 100644 index 00000000000..86700bfa0a3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43302.json b/2022/43xxx/CVE-2022-43302.json new file mode 100644 index 00000000000..0d5a9760e61 --- /dev/null +++ b/2022/43xxx/CVE-2022-43302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43303.json b/2022/43xxx/CVE-2022-43303.json new file mode 100644 index 00000000000..f14c9192224 --- /dev/null +++ b/2022/43xxx/CVE-2022-43303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43304.json b/2022/43xxx/CVE-2022-43304.json new file mode 100644 index 00000000000..d84faa0742f --- /dev/null +++ b/2022/43xxx/CVE-2022-43304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43305.json b/2022/43xxx/CVE-2022-43305.json new file mode 100644 index 00000000000..5962b532e32 --- /dev/null +++ b/2022/43xxx/CVE-2022-43305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43306.json b/2022/43xxx/CVE-2022-43306.json new file mode 100644 index 00000000000..2db885e304b --- /dev/null +++ b/2022/43xxx/CVE-2022-43306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43307.json b/2022/43xxx/CVE-2022-43307.json new file mode 100644 index 00000000000..0e3fe384dfd --- /dev/null +++ b/2022/43xxx/CVE-2022-43307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43308.json b/2022/43xxx/CVE-2022-43308.json new file mode 100644 index 00000000000..16406e98c3e --- /dev/null +++ b/2022/43xxx/CVE-2022-43308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43309.json b/2022/43xxx/CVE-2022-43309.json new file mode 100644 index 00000000000..c7e1485949a --- /dev/null +++ b/2022/43xxx/CVE-2022-43309.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43309", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43310.json b/2022/43xxx/CVE-2022-43310.json new file mode 100644 index 00000000000..f05661fab32 --- /dev/null +++ b/2022/43xxx/CVE-2022-43310.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43310", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43311.json b/2022/43xxx/CVE-2022-43311.json new file mode 100644 index 00000000000..a8bfedea7e9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43311.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43311", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43312.json b/2022/43xxx/CVE-2022-43312.json new file mode 100644 index 00000000000..1377d17a68c --- /dev/null +++ b/2022/43xxx/CVE-2022-43312.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43312", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43313.json b/2022/43xxx/CVE-2022-43313.json new file mode 100644 index 00000000000..a3d576d4663 --- /dev/null +++ b/2022/43xxx/CVE-2022-43313.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43313", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43314.json b/2022/43xxx/CVE-2022-43314.json new file mode 100644 index 00000000000..520ac3ddf77 --- /dev/null +++ b/2022/43xxx/CVE-2022-43314.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43314", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43315.json b/2022/43xxx/CVE-2022-43315.json new file mode 100644 index 00000000000..f105a600b88 --- /dev/null +++ b/2022/43xxx/CVE-2022-43315.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43315", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43316.json b/2022/43xxx/CVE-2022-43316.json new file mode 100644 index 00000000000..da008cd63fb --- /dev/null +++ b/2022/43xxx/CVE-2022-43316.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43316", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43317.json b/2022/43xxx/CVE-2022-43317.json new file mode 100644 index 00000000000..47c845fd28b --- /dev/null +++ b/2022/43xxx/CVE-2022-43317.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43317", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43318.json b/2022/43xxx/CVE-2022-43318.json new file mode 100644 index 00000000000..aefaf1cfeb5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43318.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43318", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43319.json b/2022/43xxx/CVE-2022-43319.json new file mode 100644 index 00000000000..40e03e65166 --- /dev/null +++ b/2022/43xxx/CVE-2022-43319.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43319", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43320.json b/2022/43xxx/CVE-2022-43320.json new file mode 100644 index 00000000000..24c45a05fd5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43321.json b/2022/43xxx/CVE-2022-43321.json new file mode 100644 index 00000000000..0443cb12540 --- /dev/null +++ b/2022/43xxx/CVE-2022-43321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43322.json b/2022/43xxx/CVE-2022-43322.json new file mode 100644 index 00000000000..5947cdb6762 --- /dev/null +++ b/2022/43xxx/CVE-2022-43322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43323.json b/2022/43xxx/CVE-2022-43323.json new file mode 100644 index 00000000000..1bf10c8ab7f --- /dev/null +++ b/2022/43xxx/CVE-2022-43323.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43323", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43324.json b/2022/43xxx/CVE-2022-43324.json new file mode 100644 index 00000000000..5a494a8436a --- /dev/null +++ b/2022/43xxx/CVE-2022-43324.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43324", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43325.json b/2022/43xxx/CVE-2022-43325.json new file mode 100644 index 00000000000..41bae9f3d8f --- /dev/null +++ b/2022/43xxx/CVE-2022-43325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43326.json b/2022/43xxx/CVE-2022-43326.json new file mode 100644 index 00000000000..970daf02ef7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43327.json b/2022/43xxx/CVE-2022-43327.json new file mode 100644 index 00000000000..1e7cbbb0c1c --- /dev/null +++ b/2022/43xxx/CVE-2022-43327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43328.json b/2022/43xxx/CVE-2022-43328.json new file mode 100644 index 00000000000..d316ec5fd0f --- /dev/null +++ b/2022/43xxx/CVE-2022-43328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43329.json b/2022/43xxx/CVE-2022-43329.json new file mode 100644 index 00000000000..213bdd1ed6c --- /dev/null +++ b/2022/43xxx/CVE-2022-43329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43330.json b/2022/43xxx/CVE-2022-43330.json new file mode 100644 index 00000000000..1536b5153ca --- /dev/null +++ b/2022/43xxx/CVE-2022-43330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43331.json b/2022/43xxx/CVE-2022-43331.json new file mode 100644 index 00000000000..1e8b15101f4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43331.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43332.json b/2022/43xxx/CVE-2022-43332.json new file mode 100644 index 00000000000..2d7cf8cb90e --- /dev/null +++ b/2022/43xxx/CVE-2022-43332.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43332", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43333.json b/2022/43xxx/CVE-2022-43333.json new file mode 100644 index 00000000000..f9f002fb452 --- /dev/null +++ b/2022/43xxx/CVE-2022-43333.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43334.json b/2022/43xxx/CVE-2022-43334.json new file mode 100644 index 00000000000..46f74b33bd9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43335.json b/2022/43xxx/CVE-2022-43335.json new file mode 100644 index 00000000000..9768d5973e3 --- /dev/null +++ b/2022/43xxx/CVE-2022-43335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43336.json b/2022/43xxx/CVE-2022-43336.json new file mode 100644 index 00000000000..7ca73c3f3f9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43336.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43337.json b/2022/43xxx/CVE-2022-43337.json new file mode 100644 index 00000000000..0902b861ace --- /dev/null +++ b/2022/43xxx/CVE-2022-43337.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43337", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43338.json b/2022/43xxx/CVE-2022-43338.json new file mode 100644 index 00000000000..9b848901419 --- /dev/null +++ b/2022/43xxx/CVE-2022-43338.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43338", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43339.json b/2022/43xxx/CVE-2022-43339.json new file mode 100644 index 00000000000..059c976a5ac --- /dev/null +++ b/2022/43xxx/CVE-2022-43339.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43339", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43340.json b/2022/43xxx/CVE-2022-43340.json new file mode 100644 index 00000000000..b0d26f811a7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43340.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43340", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43341.json b/2022/43xxx/CVE-2022-43341.json new file mode 100644 index 00000000000..5b3e1a9e31c --- /dev/null +++ b/2022/43xxx/CVE-2022-43341.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43341", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43342.json b/2022/43xxx/CVE-2022-43342.json new file mode 100644 index 00000000000..46cd6e03e39 --- /dev/null +++ b/2022/43xxx/CVE-2022-43342.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43342", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43343.json b/2022/43xxx/CVE-2022-43343.json new file mode 100644 index 00000000000..329d58ece0a --- /dev/null +++ b/2022/43xxx/CVE-2022-43343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43344.json b/2022/43xxx/CVE-2022-43344.json new file mode 100644 index 00000000000..a83473418fc --- /dev/null +++ b/2022/43xxx/CVE-2022-43344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43345.json b/2022/43xxx/CVE-2022-43345.json new file mode 100644 index 00000000000..982ca0b6613 --- /dev/null +++ b/2022/43xxx/CVE-2022-43345.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43346.json b/2022/43xxx/CVE-2022-43346.json new file mode 100644 index 00000000000..729f94b5517 --- /dev/null +++ b/2022/43xxx/CVE-2022-43346.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43347.json b/2022/43xxx/CVE-2022-43347.json new file mode 100644 index 00000000000..03842262c7d --- /dev/null +++ b/2022/43xxx/CVE-2022-43347.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43348.json b/2022/43xxx/CVE-2022-43348.json new file mode 100644 index 00000000000..73dc2aa33fc --- /dev/null +++ b/2022/43xxx/CVE-2022-43348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43349.json b/2022/43xxx/CVE-2022-43349.json new file mode 100644 index 00000000000..2b0e7bb483b --- /dev/null +++ b/2022/43xxx/CVE-2022-43349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43350.json b/2022/43xxx/CVE-2022-43350.json new file mode 100644 index 00000000000..f4c985fb632 --- /dev/null +++ b/2022/43xxx/CVE-2022-43350.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43350", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43351.json b/2022/43xxx/CVE-2022-43351.json new file mode 100644 index 00000000000..85dc25c10c6 --- /dev/null +++ b/2022/43xxx/CVE-2022-43351.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43351", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43352.json b/2022/43xxx/CVE-2022-43352.json new file mode 100644 index 00000000000..e177652e0e5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43352.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43352", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43353.json b/2022/43xxx/CVE-2022-43353.json new file mode 100644 index 00000000000..39e4c398870 --- /dev/null +++ b/2022/43xxx/CVE-2022-43353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43354.json b/2022/43xxx/CVE-2022-43354.json new file mode 100644 index 00000000000..9fd19d6e38e --- /dev/null +++ b/2022/43xxx/CVE-2022-43354.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43354", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43355.json b/2022/43xxx/CVE-2022-43355.json new file mode 100644 index 00000000000..599b664b728 --- /dev/null +++ b/2022/43xxx/CVE-2022-43355.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43355", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43356.json b/2022/43xxx/CVE-2022-43356.json new file mode 100644 index 00000000000..2f926300016 --- /dev/null +++ b/2022/43xxx/CVE-2022-43356.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43356", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43357.json b/2022/43xxx/CVE-2022-43357.json new file mode 100644 index 00000000000..ea2aeacd1e5 --- /dev/null +++ b/2022/43xxx/CVE-2022-43357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43358.json b/2022/43xxx/CVE-2022-43358.json new file mode 100644 index 00000000000..49757fbb499 --- /dev/null +++ b/2022/43xxx/CVE-2022-43358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43359.json b/2022/43xxx/CVE-2022-43359.json new file mode 100644 index 00000000000..9b260c24b23 --- /dev/null +++ b/2022/43xxx/CVE-2022-43359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43360.json b/2022/43xxx/CVE-2022-43360.json new file mode 100644 index 00000000000..82b5e5c9086 --- /dev/null +++ b/2022/43xxx/CVE-2022-43360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43361.json b/2022/43xxx/CVE-2022-43361.json new file mode 100644 index 00000000000..411b4e193f2 --- /dev/null +++ b/2022/43xxx/CVE-2022-43361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43362.json b/2022/43xxx/CVE-2022-43362.json new file mode 100644 index 00000000000..ce247b564cd --- /dev/null +++ b/2022/43xxx/CVE-2022-43362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43363.json b/2022/43xxx/CVE-2022-43363.json new file mode 100644 index 00000000000..e76e2854bf7 --- /dev/null +++ b/2022/43xxx/CVE-2022-43363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43364.json b/2022/43xxx/CVE-2022-43364.json new file mode 100644 index 00000000000..653648983bf --- /dev/null +++ b/2022/43xxx/CVE-2022-43364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43365.json b/2022/43xxx/CVE-2022-43365.json new file mode 100644 index 00000000000..9c40bc54be1 --- /dev/null +++ b/2022/43xxx/CVE-2022-43365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43366.json b/2022/43xxx/CVE-2022-43366.json new file mode 100644 index 00000000000..2ff8748230a --- /dev/null +++ b/2022/43xxx/CVE-2022-43366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43367.json b/2022/43xxx/CVE-2022-43367.json new file mode 100644 index 00000000000..d6cf5d4a943 --- /dev/null +++ b/2022/43xxx/CVE-2022-43367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43368.json b/2022/43xxx/CVE-2022-43368.json new file mode 100644 index 00000000000..99f565b6600 --- /dev/null +++ b/2022/43xxx/CVE-2022-43368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43369.json b/2022/43xxx/CVE-2022-43369.json new file mode 100644 index 00000000000..9e9da2aca86 --- /dev/null +++ b/2022/43xxx/CVE-2022-43369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43370.json b/2022/43xxx/CVE-2022-43370.json new file mode 100644 index 00000000000..fb7b34e07a9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43371.json b/2022/43xxx/CVE-2022-43371.json new file mode 100644 index 00000000000..bd79d6edbf4 --- /dev/null +++ b/2022/43xxx/CVE-2022-43371.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43371", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43372.json b/2022/43xxx/CVE-2022-43372.json new file mode 100644 index 00000000000..c98520cd6f8 --- /dev/null +++ b/2022/43xxx/CVE-2022-43372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43373.json b/2022/43xxx/CVE-2022-43373.json new file mode 100644 index 00000000000..00a430c6c19 --- /dev/null +++ b/2022/43xxx/CVE-2022-43373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43374.json b/2022/43xxx/CVE-2022-43374.json new file mode 100644 index 00000000000..0383b42ffd9 --- /dev/null +++ b/2022/43xxx/CVE-2022-43374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43375.json b/2022/43xxx/CVE-2022-43375.json new file mode 100644 index 00000000000..a7c8a89bf42 --- /dev/null +++ b/2022/43xxx/CVE-2022-43375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43376.json b/2022/43xxx/CVE-2022-43376.json new file mode 100644 index 00000000000..1aa98a74d12 --- /dev/null +++ b/2022/43xxx/CVE-2022-43376.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43377.json b/2022/43xxx/CVE-2022-43377.json new file mode 100644 index 00000000000..3bebc0cbe21 --- /dev/null +++ b/2022/43xxx/CVE-2022-43377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43378.json b/2022/43xxx/CVE-2022-43378.json new file mode 100644 index 00000000000..243a322ea4c --- /dev/null +++ b/2022/43xxx/CVE-2022-43378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file