"-Synchronized-Data."

CVE Team 2023-02-12 22:01:26 +00:00
parent 58bfc3edc4
commit 3c3f47dfcf
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 201 additions and 251 deletions


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1319",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252 - Unchecked Return Value.",
"cweId": "CWE-252"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in 2.3.0.Final, 2.2.18.Final, 2.2.17.SP3, 2.2.17.SP4, 2.3.0.Alpha2"
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252 - Unchecked Return Value."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"url": "https://issues.redhat.com/browse/UNDERTOW-2060",
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/UNDERTOW-2060",
"url": "https://issues.redhat.com/browse/UNDERTOW-2060"
"name": "https://issues.redhat.com/browse/UNDERTOW-2060"
},
{
"url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b",
"refsource": "MISC",
"name": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b",
"url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"
"name": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"
},
{
"url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3",
"refsource": "MISC",
"name": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3",
"url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"
"name": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1319",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1319",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
"name": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0006/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0006/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG."
"url": "https://security.netapp.com/advisory/ntap-20221014-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221014-0006/"
}
]
}
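Review bot: In the `@ -19,6 +40,7 @@` hunk the one added line looks to be `"version_affected": "="`, and it is paired with `"version_value": "Fixed in 2.3.0.Final, 2.2.18.Final, 2.2.17.SP3, 2.2.17.SP4, 2.3.0.Alpha2"`, which is a free-text list of fixed releases rather than a single affected version. A consumer that honours the operator will either match nothing or treat the fixed releases as the affected ones. The record should express the affected range instead, for example `"version_affected": "<"` with `"version_value": "<FIRST_FIXED_VERSION>"` per maintained branch (placeholder; the page does not give a clean range). The same `=` plus descriptive text pattern appears in the CVE-2022-1325 (`Fixed in v3.1.0`), CVE-2022-1414 and CVE-2022-1508 (`Not-Known.`) sections and in both libtiff sections (`Not-Known`).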


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1325",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in v3.1.0"
}
]
@ -30,57 +52,37 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"
},
{
"url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/",
"url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"
"name": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"
},
{
"url": "https://github.com/GreycLab/CImg/issues/343",
"refsource": "MISC",
"name": "https://github.com/GreycLab/CImg/issues/343",
"url": "https://github.com/GreycLab/CImg/issues/343"
"name": "https://github.com/GreycLab/CImg/issues/343"
},
{
"url": "https://github.com/GreycLab/CImg/pull/348",
"refsource": "MISC",
"name": "https://github.com/GreycLab/CImg/pull/348",
"url": "https://github.com/GreycLab/CImg/pull/348"
"name": "https://github.com/GreycLab/CImg/pull/348"
},
{
"url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90",
"refsource": "MISC",
"name": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90",
"url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"
"name": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1325",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1325",
"url": "https://access.redhat.com/security/cve/CVE-2022-1325"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."
"name": "https://access.redhat.com/security/cve/CVE-2022-1325"
}
]
}
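Review bot: The description that this section moves to the top of the record still spells the product `Clmg`, while every upstream reference in `reference_data` points at `GreycLab/CImg`. Anyone matching advisories by product keyword will miss this entry; the text should begin `A flaw was found in CImg, where ...`. As far as the rendered lines show, the rest of the section only reorders keys and adds `cweId`.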


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1341",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "bwm-ng v0.6.2"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/vgropp/bwm-ng/issues/26",
"refsource": "MISC",
"name": "https://github.com/vgropp/bwm-ng/issues/26",
"url": "https://github.com/vgropp/bwm-ng/issues/26"
"name": "https://github.com/vgropp/bwm-ng/issues/26"
},
{
"url": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17",
"refsource": "MISC",
"name": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17",
"url": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c."
"name": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17"
}
]
}


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"value": "CWE-125 - Out-of-bounds Read.",
"cweId": "CWE-125"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-2.el9",
"version_affected": "!"
"version_affected": "=",
"version_value": "Not-Known"
}
]
}
@ -54,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/319",
"refsource": "MISC",
@ -69,16 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1354"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8194"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html",
"refsource": "MISC",
@ -100,23 +95,5 @@
"name": "https://www.debian.org/security/2023/dsa-5333"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}
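Review bot: The last hunk (`@ -100,23 +95,5 @@`) leaves only five lines on the new side, so the whole `impact.cvss` block (CVSS 3.1, base score 5.5, `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H`) is removed from the record with nothing replacing it. The earlier hunks also appear to swap the Red Hat product entry, which marked `0:4.4.0-2.el9` as unaffected with `"version_affected": "!"`, for `libtiff` / `Not-Known`, and the `RHSA-2022:8194` erratum reference is dropped. Tooling that prioritises or confirms remediation from this file loses the severity and the fixed-package version after this sync; the `impact` block and the erratum reference should be carried over, or the loss called out in the commit message. The CVE-2022-1355 section that follows shows the same removals (base score 6.6, `RHSA-2022:8194` and `RHSA-2022:7585`).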


@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121 - Stack-based Buffer Overflow.",
"cweId": "CWE-121"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "0:4.0.9-23.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-2.el9",
"version_affected": "!"
"version_affected": "=",
"version_value": "Not-Known"
}
]
}
@ -65,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/400",
"refsource": "MISC",
@ -80,11 +74,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1355"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8194"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html",
"refsource": "MISC",
@ -104,34 +93,6 @@
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7585",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7585"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1414",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1173",
"cweId": "CWE-1173"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3scale-amp-system as shipped in 3scale-AMP 2"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1173"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1414",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1414",
"url": "https://access.redhat.com/security/cve/CVE-2022-1414"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks."
"name": "https://access.redhat.com/security/cve/CVE-2022-1414"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1508",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read flaw was found in the Linux kernel\u2019s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read.",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Not-Known."
}
]
@ -30,47 +52,27 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075533",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2075533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075533"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2075533"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1508",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1508",
"url": "https://access.redhat.com/security/cve/CVE-2022-1508"
"name": "https://access.redhat.com/security/cve/CVE-2022-1508"
},
{
"url": "https://ubuntu.com/security/CVE-2022-1508",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2022-1508",
"url": "https://ubuntu.com/security/CVE-2022-1508"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read flaw was found in the Linux kernel\u2019s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds."
"name": "https://ubuntu.com/security/CVE-2022-1508"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1632",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.8.17"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
}
]
}