diff --git a/2020/21xxx/CVE-2020-21365.json b/2020/21xxx/CVE-2020-21365.json
index 69b3f88fdaa..68fb58949a3 100644
--- a/2020/21xxx/CVE-2020-21365.json
+++ b/2020/21xxx/CVE-2020-21365.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536",
 "refsource": "MISC",
 "name": "https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20221024 [SECURITY] [DLA 3158-1] wkhtmltopdf security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00027.html"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35368.json b/2021/35xxx/CVE-2021-35368.json
index 922b3f491f1..6cc08e118cf 100644
--- a/2021/35xxx/CVE-2021-35368.json
+++ b/2021/35xxx/CVE-2021-35368.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/",
 "url": "https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-afa1e7b6c4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MS5GMNYHFFIBWLJW7N3XAD24SLF3PFZ/"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36690.json b/2021/36xxx/CVE-2021-36690.json
index c5db003c04e..d4e14aff05d 100644
--- a/2021/36xxx/CVE-2021-36690.json
+++ b/2021/36xxx/CVE-2021-36690.json
@@ -58,7 +58,9 @@
 "url": "https://www.sqlite.org/forum/forumpost/718c0a8d17"
 },
 {
- "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39537.json b/2021/39xxx/CVE-2021-39537.json
index bce1d7f76f0..7734e7bc27b 100644
--- a/2021/39xxx/CVE-2021-39537.json
+++ b/2021/39xxx/CVE-2021-39537.json
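Review bot: In the CVE-2021-36690 hunk the Oracle reference `https://www.oracle.com/security-alerts/cpujan2022.html` is removed and the Apple HT213488 object takes its place, whereas the other reference hunks in this commit append the Apple object after the existing entries. The removed object carried only a `url`, so this may be a side effect of normalising an incomplete entry, but the result is that consumers of the record lose the link to the Oracle advisory. If that advisory still applies, keep it as a complete object (with `refsource` and `name` filled in next to the existing `url`) and add the Apple object after it.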
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup",
 "url": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40776.json b/2021/40xxx/CVE-2021-40776.json
index 8f4a838e991..2177098a82d 100644
--- a/2021/40xxx/CVE-2021-40776.json
+++ b/2021/40xxx/CVE-2021-40776.json
@@ -58,14 +58,14 @@
 "attackComplexity": "Low",
 "attackVector": "Physical",
 "availabilityImpact": "High",
- "baseScore": 7.0,
+ "baseScore": 6.1,
 "baseSeverity": "High",
 "confidentialityImpact": "High",
 "integrityImpact": "High",
 "privilegesRequired": "High",
- "scope": "Changed",
+ "scope": "Unchanged",
 "userInteraction": "Required",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 },
@@ -75,7 +75,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Privilege Management (CWE-269)"
+ "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0261.json b/2022/0xxx/CVE-2022-0261.json
index 887bcab10e6..e6b51c026e8 100644
--- a/2022/0xxx/CVE-2022-0261.json
+++ b/2022/0xxx/CVE-2022-0261.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0318.json b/2022/0xxx/CVE-2022-0318.json
index ee0994a24bd..bc57831bc8e 100644
--- a/2022/0xxx/CVE-2022-0318.json
+++ b/2022/0xxx/CVE-2022-0318.json
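Review bot: `"baseSeverity": "High"` in the CVE-2021-40776 CVSS block is left as a context line while `baseScore` drops to 6.1; on the CVSS v3.1 rating scale 4.0–6.9 is Medium, so the record now contradicts itself. The new vector `CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H` does compute to 6.1, so score and vector agree and only the label is stale: `"baseSeverity": "Medium"`. Tooling that triages on the severity string rather than the number would otherwise keep ranking this entry as High.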
@@ -84,6 +84,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0319.json b/2022/0xxx/CVE-2022-0319.json
index e34566527d8..30ae7c6b4be 100644
--- a/2022/0xxx/CVE-2022-0319.json
+++ b/2022/0xxx/CVE-2022-0319.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0351.json b/2022/0xxx/CVE-2022-0351.json
index 040bdba32d7..1ed0165ecf9 100644
--- a/2022/0xxx/CVE-2022-0351.json
+++ b/2022/0xxx/CVE-2022-0351.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0359.json b/2022/0xxx/CVE-2022-0359.json
index 0998b678c7d..8ea71ef9dee 100644
--- a/2022/0xxx/CVE-2022-0359.json
+++ b/2022/0xxx/CVE-2022-0359.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0361.json b/2022/0xxx/CVE-2022-0361.json
index f3eb657b779..8dbf8bc889b 100644
--- a/2022/0xxx/CVE-2022-0361.json
+++ b/2022/0xxx/CVE-2022-0361.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0368.json b/2022/0xxx/CVE-2022-0368.json
index b4331767873..4f9ae61d8e6 100644
--- a/2022/0xxx/CVE-2022-0368.json
+++ b/2022/0xxx/CVE-2022-0368.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0392.json b/2022/0xxx/CVE-2022-0392.json
index 6038fc115d6..97ee873fe6c 100644
--- a/2022/0xxx/CVE-2022-0392.json
+++ b/2022/0xxx/CVE-2022-0392.json
@@ -84,6 +84,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0554.json b/2022/0xxx/CVE-2022-0554.json
index ffd75497d6a..3486849f6d8 100644
--- a/2022/0xxx/CVE-2022-0554.json
+++ b/2022/0xxx/CVE-2022-0554.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0572.json b/2022/0xxx/CVE-2022-0572.json
index b45c2d65c70..dfae58917d1 100644
--- a/2022/0xxx/CVE-2022-0572.json
+++ b/2022/0xxx/CVE-2022-0572.json
@@ -94,6 +94,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3011-1] vim security update",
 "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0629.json b/2022/0xxx/CVE-2022-0629.json
index 70a03a34db7..f8b6ef59207 100644
--- a/2022/0xxx/CVE-2022-0629.json
+++ b/2022/0xxx/CVE-2022-0629.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0685.json b/2022/0xxx/CVE-2022-0685.json
index be63212e7b0..7793f20b738 100644
--- a/2022/0xxx/CVE-2022-0685.json
+++ b/2022/0xxx/CVE-2022-0685.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0696.json b/2022/0xxx/CVE-2022-0696.json
index 991c40c8ffb..17c34377392 100644
--- a/2022/0xxx/CVE-2022-0696.json
+++ b/2022/0xxx/CVE-2022-0696.json
@@ -84,6 +84,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-48bf3cb1c4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0714.json b/2022/0xxx/CVE-2022-0714.json
index 47e040ce98b..34315b457f6 100644
--- a/2022/0xxx/CVE-2022-0714.json
+++ b/2022/0xxx/CVE-2022-0714.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0729.json b/2022/0xxx/CVE-2022-0729.json
index d3ccaa85223..8b889739d99 100644
--- a/2022/0xxx/CVE-2022-0729.json
+++ b/2022/0xxx/CVE-2022-0729.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/0xxx/CVE-2022-0943.json b/2022/0xxx/CVE-2022-0943.json
index a189d5d0997..a25583c0584 100644
--- a/2022/0xxx/CVE-2022-0943.json
+++ b/2022/0xxx/CVE-2022-0943.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1381.json b/2022/1xxx/CVE-2022-1381.json
index 72e7aa6b240..cc9b5acdbda 100644
--- a/2022/1xxx/CVE-2022-1381.json
+++ b/2022/1xxx/CVE-2022-1381.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1420.json b/2022/1xxx/CVE-2022-1420.json
index 08d0d00a03e..8621a1a715d 100644
--- a/2022/1xxx/CVE-2022-1420.json
+++ b/2022/1xxx/CVE-2022-1420.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1616.json b/2022/1xxx/CVE-2022-1616.json
index 9b54c272d1e..47c51430cb1 100644
--- a/2022/1xxx/CVE-2022-1616.json
+++ b/2022/1xxx/CVE-2022-1616.json
@@ -104,6 +104,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1619.json b/2022/1xxx/CVE-2022-1619.json
index d25425f9b07..4d464d56475 100644
--- a/2022/1xxx/CVE-2022-1619.json
+++ b/2022/1xxx/CVE-2022-1619.json
@@ -109,6 +109,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220930-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20220930-0007/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1620.json b/2022/1xxx/CVE-2022-1620.json
index 7981804f6af..6a0eaa8707c 100644
--- a/2022/1xxx/CVE-2022-1620.json
+++ b/2022/1xxx/CVE-2022-1620.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1621.json b/2022/1xxx/CVE-2022-1621.json
index f45b0007be2..c1cc737ca56 100644
--- a/2022/1xxx/CVE-2022-1621.json
+++ b/2022/1xxx/CVE-2022-1621.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1622.json b/2022/1xxx/CVE-2022-1622.json
index ba145523903..bed46b24357 100644
--- a/2022/1xxx/CVE-2022-1622.json
+++ b/2022/1xxx/CVE-2022-1622.json
@@ -73,6 +73,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-e9fe21d102",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1629.json b/2022/1xxx/CVE-2022-1629.json
index 5b0b8c310a0..fb61c3ead13 100644
--- a/2022/1xxx/CVE-2022-1629.json
+++ b/2022/1xxx/CVE-2022-1629.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1674.json b/2022/1xxx/CVE-2022-1674.json
index c6039d701a2..23064692aff 100644
--- a/2022/1xxx/CVE-2022-1674.json
+++ b/2022/1xxx/CVE-2022-1674.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1720.json b/2022/1xxx/CVE-2022-1720.json
index 9937ccc099a..5b32c9cb6f3 100644
--- a/2022/1xxx/CVE-2022-1720.json
+++ b/2022/1xxx/CVE-2022-1720.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1725.json b/2022/1xxx/CVE-2022-1725.json
index 5b37e668738..6d1c22b1f8f 100644
--- a/2022/1xxx/CVE-2022-1725.json
+++ b/2022/1xxx/CVE-2022-1725.json
@@ -79,6 +79,11 @@
 "name": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c",
 "refsource": "MISC",
 "url": "https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1733.json b/2022/1xxx/CVE-2022-1733.json
index 6308ee60edc..1f5d2b9b68b 100644
--- a/2022/1xxx/CVE-2022-1733.json
+++ b/2022/1xxx/CVE-2022-1733.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1735.json b/2022/1xxx/CVE-2022-1735.json
index 754d4054be6..dbae8d0e956 100644
--- a/2022/1xxx/CVE-2022-1735.json
+++ b/2022/1xxx/CVE-2022-1735.json
@@ -84,6 +84,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1769.json b/2022/1xxx/CVE-2022-1769.json
index a55db499270..41c875314a0 100644
--- a/2022/1xxx/CVE-2022-1769.json
+++ b/2022/1xxx/CVE-2022-1769.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1851.json b/2022/1xxx/CVE-2022-1851.json
index 92fd3d77aca..ceab95c5327 100644
--- a/2022/1xxx/CVE-2022-1851.json
+++ b/2022/1xxx/CVE-2022-1851.json
@@ -104,6 +104,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1897.json b/2022/1xxx/CVE-2022-1897.json
index 1ab0f31c587..c546867faec 100644
--- a/2022/1xxx/CVE-2022-1897.json
+++ b/2022/1xxx/CVE-2022-1897.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1898.json b/2022/1xxx/CVE-2022-1898.json
index 9ce94106259..a198f720d76 100644
--- a/2022/1xxx/CVE-2022-1898.json
+++ b/2022/1xxx/CVE-2022-1898.json
@@ -104,6 +104,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1927.json b/2022/1xxx/CVE-2022-1927.json
index df31ffbc67b..b14bbbfaad4 100644
--- a/2022/1xxx/CVE-2022-1927.json
+++ b/2022/1xxx/CVE-2022-1927.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1942.json b/2022/1xxx/CVE-2022-1942.json
index f134029d60b..9529a746270 100644
--- a/2022/1xxx/CVE-2022-1942.json
+++ b/2022/1xxx/CVE-2022-1942.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1968.json b/2022/1xxx/CVE-2022-1968.json
index 6665cf2432b..19bd22f65d5 100644
--- a/2022/1xxx/CVE-2022-1968.json
+++ b/2022/1xxx/CVE-2022-1968.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/28xxx/CVE-2022-28169.json b/2022/28xxx/CVE-2022-28169.json
index 537883f08af..6bb3c85205b 100644
--- a/2022/28xxx/CVE-2022-28169.json
+++ b/2022/28xxx/CVE-2022-28169.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-28169",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header."
 }
 ]
 }
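Review bot: `"vendor_name": "n/a"` in the new CVE-2022-28169 record hides a vendor that the product name and the assigner address both identify, and the same value appears in the CVE-2022-28170, CVE-2022-33178, CVE-2022-33179 and CVE-2022-33180 records added later in this commit. Inventory and scanner tooling that matches on vendor plus product will not tie these entries to the affected equipment; `"vendor_name": "Brocade"` (or whichever name the CNA uses for itself) would fix that. The `version_value` strings are prose rather than version bounds, here with "Brocade Fabric OS versions" repeated, so affected-version checks have to parse free text. In this record's description the stray commas in "a low privilege webtools, user, to gain" and "the admin, and operator authorization headers" make the sentence hard to follow.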
diff --git a/2022/28xxx/CVE-2022-28170.json b/2022/28xxx/CVE-2022-28170.json
index 4cb20855cc8..87edbb32b0e 100644
--- a/2022/28xxx/CVE-2022-28170.json
+++ b/2022/28xxx/CVE-2022-28170.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-28170",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS versions before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insertion of Sensitive Information Into Debugging Code"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file."
 }
 ]
 }
diff --git a/2022/28xxx/CVE-2022-28739.json b/2022/28xxx/CVE-2022-28739.json
index c558e6f53f2..2ef5672064a 100644
--- a/2022/28xxx/CVE-2022-28739.json
+++ b/2022/28xxx/CVE-2022-28739.json
@@ -71,6 +71,21 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220624-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213494",
+ "url": "https://support.apple.com/kb/HT213494"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213493",
+ "url": "https://support.apple.com/kb/HT213493"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29458.json b/2022/29xxx/CVE-2022-29458.json
index 9331dca73b3..330063772d5 100644
--- a/2022/29xxx/CVE-2022-29458.json
+++ b/2022/29xxx/CVE-2022-29458.json
@@ -61,6 +61,11 @@
 "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html",
 "refsource": "MISC",
 "name": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 }
diff --git a/2022/2xxx/CVE-2022-2000.json b/2022/2xxx/CVE-2022-2000.json
index 43a810af825..736eb356aa7 100644
--- a/2022/2xxx/CVE-2022-2000.json
+++ b/2022/2xxx/CVE-2022-2000.json
@@ -89,6 +89,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/2xxx/CVE-2022-2042.json b/2022/2xxx/CVE-2022-2042.json
index 7c18f18a7c6..3f258088081 100644
--- a/2022/2xxx/CVE-2022-2042.json
+++ b/2022/2xxx/CVE-2022-2042.json
@@ -84,6 +84,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/2xxx/CVE-2022-2124.json b/2022/2xxx/CVE-2022-2124.json
index baf242ac4c3..7003b497bfd 100644
--- a/2022/2xxx/CVE-2022-2124.json
+++ b/2022/2xxx/CVE-2022-2124.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/2xxx/CVE-2022-2125.json b/2022/2xxx/CVE-2022-2125.json
index 0fc110116f1..4d6bf6dc9c4 100644
--- a/2022/2xxx/CVE-2022-2125.json
+++ b/2022/2xxx/CVE-2022-2125.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/2xxx/CVE-2022-2126.json b/2022/2xxx/CVE-2022-2126.json
index 1b149df113f..5ceb603360f 100644
--- a/2022/2xxx/CVE-2022-2126.json
+++ b/2022/2xxx/CVE-2022-2126.json
@@ -99,6 +99,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202208-32",
 "url": "https://security.gentoo.org/glsa/202208-32"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32205.json b/2022/32xxx/CVE-2022-32205.json
index e5694c56b06..ca10ce617ed 100644
--- a/2022/32xxx/CVE-2022-32205.json
+++ b/2022/32xxx/CVE-2022-32205.json
@@ -63,6 +63,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220915-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32206.json b/2022/32xxx/CVE-2022-32206.json
index 33f0e0a334c..20ee053312e 100644
--- a/2022/32xxx/CVE-2022-32206.json
+++ b/2022/32xxx/CVE-2022-32206.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220915-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32207.json b/2022/32xxx/CVE-2022-32207.json
index f41bcd06a8e..29b732ea4c6 100644
--- a/2022/32xxx/CVE-2022-32207.json
+++ b/2022/32xxx/CVE-2022-32207.json
@@ -63,6 +63,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220915-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32208.json b/2022/32xxx/CVE-2022-32208.json
index 00421ddf4b7..35420861d4b 100644
--- a/2022/32xxx/CVE-2022-32208.json
+++ b/2022/32xxx/CVE-2022-32208.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220915-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32864.json b/2022/32xxx/CVE-2022-32864.json
index a2c28335e78..2a7b2216c6b 100644
--- a/2022/32xxx/CVE-2022-32864.json
+++ b/2022/32xxx/CVE-2022-32864.json
@@ -97,6 +97,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213444",
 "name": "https://support.apple.com/en-us/HT213444"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32883.json b/2022/32xxx/CVE-2022-32883.json
index ad5f1434d87..0f0f7d7586a 100644
--- a/2022/32xxx/CVE-2022-32883.json
+++ b/2022/32xxx/CVE-2022-32883.json
@@ -97,6 +97,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213444",
 "name": "https://support.apple.com/en-us/HT213444"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32908.json b/2022/32xxx/CVE-2022-32908.json
index bedbc4027fb..fda5f7a5cfb 100644
--- a/2022/32xxx/CVE-2022-32908.json
+++ b/2022/32xxx/CVE-2022-32908.json
@@ -97,6 +97,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213444",
 "name": "https://support.apple.com/en-us/HT213444"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32911.json b/2022/32xxx/CVE-2022-32911.json
index bd9006a7f7b..1b0a8719dd9 100644
--- a/2022/32xxx/CVE-2022-32911.json
+++ b/2022/32xxx/CVE-2022-32911.json
@@ -97,6 +97,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT213444",
 "name": "https://support.apple.com/en-us/HT213444"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213488",
+ "url": "https://support.apple.com/kb/HT213488"
 }
 ]
 },
diff --git a/2022/33xxx/CVE-2022-33178.json b/2022/33xxx/CVE-2022-33178.json
index 7119f15f249..95cd866898b 100644
--- a/2022/33xxx/CVE-2022-33178.json
+++ b/2022/33xxx/CVE-2022-33178.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-33178",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@brocade.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Brocade Fabric OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Brocade Fabric OS versions before Brocade Fabric OS 9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper input validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch."
 }
 ]
 }
diff --git a/2022/33xxx/CVE-2022-33179.json b/2022/33xxx/CVE-2022-33179.json
index 0300417ffb5..e243a5013ff 100644
--- a/2022/33xxx/CVE-2022-33179.json
+++ b/2022/33xxx/CVE-2022-33179.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with \u201cset context\u201d and escalate privileges." } ] } diff --git a/2022/33xxx/CVE-2022-33180.json b/2022/33xxx/CVE-2022-33180.json index 5402726740d..b20359121d4 100644 --- a/2022/33xxx/CVE-2022-33180.json +++ b/2022/33xxx/CVE-2022-33180.json 
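Review bot: The `problemtype` value "Exposure of Sensitive Information to an Unauthorized Actor" does not match the description added in the same hunk, which describes breaking out of a restricted shell and escalating privileges. Anyone filtering or prioritising on problem type would file this as an information leak and under-rate it. The value should name the privilege weakness and carry its CWE identifier in the `Name (CWE-nnn)` form other records in this commit use. If the vendor advisory agrees, that would be `"value": "Improper Privilege Management (CWE-269)"`.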
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with \u201cseccryptocfg\u201d, \u201cconfigupload\u201d." } ] } diff --git a/2022/33xxx/CVE-2022-33181.json b/2022/33xxx/CVE-2022-33181.json index f892c85d61c..c3ba11aa9cc 100644 --- a/2022/33xxx/CVE-2022-33181.json +++ b/2022/33xxx/CVE-2022-33181.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands \u201cconfigshow\u201d and \u201csupportlink\u201d." } ] } diff --git a/2022/33xxx/CVE-2022-33182.json b/2022/33xxx/CVE-2022-33182.json index 73fa2ccd7f6..270c079c03f 100644 --- a/2022/33xxx/CVE-2022-33182.json +++ b/2022/33xxx/CVE-2022-33182.json 
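Review bot: The version string `7.4.2.j` in both `version_value` and the description looks like a typo for `7.4.2j`, the spelling used in the CVE-2022-33179 hunk. A version comparison that parses `7.4.2.j` will either fail or treat it as a different release, so a scanner could report a patched switch as affected or miss an unpatched one. The same `7.4.2.j` appears in the CVE-2022-33183 hunk and in the `version_value` of the CVE-2022-33184 hunk. Confirm the fixed release against the linked advisory and use one spelling throughout.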
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands \u201csupportlink\u201d, \u201cfirmwaredownload\u201d, \u201cportcfgupload, license, and \u201cfosexec\u201d." } ] } diff --git a/2022/33xxx/CVE-2022-33183.json b/2022/33xxx/CVE-2022-33183.json index b68cd9a1d92..05c6adee774 100644 --- a/2022/33xxx/CVE-2022-33183.json +++ b/2022/33xxx/CVE-2022-33183.json 
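Review bot: The command list in the new description has an unclosed quotation mark: `\u201cportcfgupload, license, and \u201cfosexec\u201d` opens a quote before `portcfgupload` that is never closed and leaves `license` unquoted. A reader therefore cannot tell which tokens are command names to restrict or audit. If all three are commands, as the list suggests, write `\u201cportcfgupload\u201d, \u201clicense\u201d, and \u201cfosexec\u201d`. There is also a stray comma after `8.2.0cbn5` in the same sentence.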
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in \u201cfirmwaredownload\u201d and \u201cdiagshow\u201d commands." } ] } diff --git a/2022/33xxx/CVE-2022-33184.json b/2022/33xxx/CVE-2022-33184.json index 2fec610ae4b..2f65bf954ba 100644 --- a/2022/33xxx/CVE-2022-33184.json +++ b/2022/33xxx/CVE-2022-33184.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack Buffer Overflow and Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account." } ] } diff --git a/2022/33xxx/CVE-2022-33185.json b/2022/33xxx/CVE-2022-33185.json index bc98d650fc9..656810e4ceb 100644 --- a/2022/33xxx/CVE-2022-33185.json +++ b/2022/33xxx/CVE-2022-33185.json 
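Review bot: `version_value` gives the fixed 9.1 release as `v9.1.0`, while the description added in the same hunk says `v9.1.1`, so the record gives two different answers on whether 9.1.0 is affected. One of them needs correcting against the linked advisory before the entry can drive patch decisions. The two fields also spell the other releases differently (`8.2.0cbn5` against `v8.2.0_cbn5`, `7.4.2.j` against `7.4.2j`), which breaks exact-string matching between them. The problem type here would also be easier to consume with its CWE identifier appended.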
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-33185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account." } ] } diff --git a/2022/34xxx/CVE-2022-34255.json b/2022/34xxx/CVE-2022-34255.json index d926e75ef96..60a1359d52d 100644 --- a/2022/34xxx/CVE-2022-34255.json +++ b/2022/34xxx/CVE-2022-34255.json 
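Review bot: The fixed version is written `v.9.0.1e`, with a stray dot after the `v`, in both `version_value` and the description, and no other record in this set uses that form. The phrase "before ... v.9.0.1e, and v9.1.0" also leaves it unclear whether 9.1.0 is a fixed release or an upper bound. I would write `"version_value": "Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0"` and make the same correction in the description. A per-branch `version_data` entry for each fixed release would be better still.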
@@ -57,15 +57,15 @@ "cvss": { "attackComplexity": "Low", "attackVector": "Network", - "availabilityImpact": "Low", - "baseScore": 8.3, + "availabilityImpact": "High", + "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, @@ -75,7 +75,7 @@ "description": [ { "lang": "eng", - "value": "Incorrect Authorization (CWE-863)" + "value": "Improper Access Control (CWE-284)" } ] } diff --git a/2022/34xxx/CVE-2022-34257.json b/2022/34xxx/CVE-2022-34257.json index 2a342d454e2..49c6c9c73bf 100644 --- a/2022/34xxx/CVE-2022-34257.json +++ b/2022/34xxx/CVE-2022-34257.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 7.2, + "baseScore": 6.1, "baseSeverity": "High", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", - "userInteraction": "None", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2022/34xxx/CVE-2022-34258.json b/2022/34xxx/CVE-2022-34258.json index f9d89dcb062..32a27dcdeab 100644 --- a/2022/34xxx/CVE-2022-34258.json +++ b/2022/34xxx/CVE-2022-34258.json 
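Review bot: In the CVE-2022-34257 hunk, `baseScore` is lowered to 6.1 but the unchanged context line `"baseSeverity": "High"` is left in place, and under the CVSS v3.1 rating scale 6.1 is Medium (High starts at 7.0). The new vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` does evaluate to 6.1, so the score is correct and the label is the stale field. Consumers that triage on the severity label rather than the number will over-prioritise this record. The hunk should also change that line to `"baseSeverity": "Medium"`.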
@@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 5.5, + "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Changed", - "userInteraction": "None", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2022/34xxx/CVE-2022-34870.json b/2022/34xxx/CVE-2022-34870.json index 2e19f460b3e..8f8eb07642f 100644 --- a/2022/34xxx/CVE-2022-34870.json +++ b/2022/34xxx/CVE-2022-34870.json @@ -67,6 +67,11 @@ "refsource": "MISC", "url": "https://lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwx", "name": "https://lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwx" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221024 CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application", + "url": "http://www.openwall.com/lists/oss-security/2022/10/24/3" } ] }, diff --git a/2022/35xxx/CVE-2022-35914.json b/2022/35xxx/CVE-2022-35914.json index b9649af11f1..77beceac81b 100644 --- a/2022/35xxx/CVE-2022-35914.json +++ b/2022/35xxx/CVE-2022-35914.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://glpi-project.org/fr/glpi-10-0-3-disponible/", "url": "https://glpi-project.org/fr/glpi-10-0-3-disponible/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html" } ] } diff --git a/2022/38xxx/CVE-2022-38419.json b/2022/38xxx/CVE-2022-38419.json index 496c628d70a..afebdb6308e 100644 --- a/2022/38xxx/CVE-2022-38419.json +++ b/2022/38xxx/CVE-2022-38419.json 
@@ -55,7 +55,7 @@ }, "impact": { "cvss": { - "attackComplexity": "High", + "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 7.5, @@ -65,7 +65,7 @@ "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2022/38xxx/CVE-2022-38434.json b/2022/38xxx/CVE-2022-38434.json index eea03fd79b4..5a49ec8108b 100644 --- a/2022/38xxx/CVE-2022-38434.json +++ b/2022/38xxx/CVE-2022-38434.json @@ -55,8 +55,8 @@ }, "impact": { "cvss": { - "attackComplexity": "High", - "attackVector": "Network", + "attackComplexity": "Low", + "attackVector": "Local", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", @@ -64,8 +64,8 @@ "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", - "userInteraction": "None", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, diff --git a/2022/3xxx/CVE-2022-3165.json b/2022/3xxx/CVE-2022-3165.json index d9aec9bcad2..5b08c963359 100644 --- a/2022/3xxx/CVE-2022-3165.json +++ b/2022/3xxx/CVE-2022-3165.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18", "url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-8dcdfe7297", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/" } ] }, diff --git a/2022/3xxx/CVE-2022-3527.json b/2022/3xxx/CVE-2022-3527.json index 2312d8702ab..4d7dc864523 100644 --- a/2022/3xxx/CVE-2022-3527.json +++ b/2022/3xxx/CVE-2022-3527.json 
@@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3527", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3528.json b/2022/3xxx/CVE-2022-3528.json index d20a5bd7d29..1f9e69b9673 100644 --- a/2022/3xxx/CVE-2022-3528.json +++ b/2022/3xxx/CVE-2022-3528.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3528", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3529.json b/2022/3xxx/CVE-2022-3529.json index e2d059739ee..c63fecbcefc 100644 --- a/2022/3xxx/CVE-2022-3529.json +++ b/2022/3xxx/CVE-2022-3529.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3529", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3530.json b/2022/3xxx/CVE-2022-3530.json index 4d72ed6d04d..d1f62fc16fd 100644 --- a/2022/3xxx/CVE-2022-3530.json +++ b/2022/3xxx/CVE-2022-3530.json 
@@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3530", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3593.json b/2022/3xxx/CVE-2022-3593.json index 7a29d023de8..f13c78b80b9 100644 --- a/2022/3xxx/CVE-2022-3593.json +++ b/2022/3xxx/CVE-2022-3593.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3593", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41704.json b/2022/41xxx/CVE-2022-41704.json index ad5cb50b526..3520149cbb6 100644 --- a/2022/41xxx/CVE-2022-41704.json +++ b/2022/41xxx/CVE-2022-41704.json @@ -71,6 +71,11 @@ "refsource": "MISC", "url": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf", "name": "https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221025 [CVE-2022-41704] Apache Batik information disclosure vulnerability", + "url": "http://www.openwall.com/lists/oss-security/2022/10/25/2" } ] }, diff --git a/2022/41xxx/CVE-2022-41711.json b/2022/41xxx/CVE-2022-41711.json index a17aaef008c..f8be3bd3961 100644 --- a/2022/41xxx/CVE-2022-41711.json +++ b/2022/41xxx/CVE-2022-41711.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Badaso", + "version": { + "version_data": [ + { + "version_value": "2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote command execution (RCE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/harlow/", + "url": "https://fluidattacks.com/advisories/harlow/" + }, + { + "refsource": "MISC", + "name": "https://github.com/uasoft-indonesia/badaso/issues/802", + "url": "https://github.com/uasoft-indonesia/badaso/issues/802" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users." } ] } diff --git a/2022/42xxx/CVE-2022-42890.json b/2022/42xxx/CVE-2022-42890.json index d986bc4c700..e159f9bd7a2 100644 --- a/2022/42xxx/CVE-2022-42890.json +++ b/2022/42xxx/CVE-2022-42890.json 
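Review bot: The `problemtype` value "Remote command execution (RCE)" names the impact rather than the weakness and carries no CWE identifier, so the record cannot be grouped with others sharing the same root cause. The description attributes the issue to missing validation of uploaded data, which reads like unrestricted file upload (CWE-434) if the linked advisory agrees. `"version_value": "2.6.0"` also does not say whether earlier releases are affected. A `version_affected` qualifier (`"="` or `"<="`) would remove that ambiguity.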
@@ -71,6 +71,11 @@ "refsource": "MISC", "url": "https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly", "name": "https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221025 [CVE-2022-42890] Apache Batik information disclosure vulnerability", + "url": "http://www.openwall.com/lists/oss-security/2022/10/25/3" } ] },