diff --git a/2021/43xxx/CVE-2021-43937.json b/2021/43xxx/CVE-2021-43937.json
index 2f604ba748c..98a5d080a14 100644
--- a/2021/43xxx/CVE-2021-43937.json
+++ b/2021/43xxx/CVE-2021-43937.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
 "ID": "CVE-2021-43937",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Elcomplus SmartPTT SCADA Server Cross-site Request Forgery"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartPTT SCADA Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elcomplus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-05",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-05"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Elcomplus has released an update to fix these vulnerabilities and recommends users upgrade to Version 2.3.4 or later.\n\nFor more information, please contact Elcomplus support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-22-109-05",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43938.json b/2021/43xxx/CVE-2021-43938.json
index dea416ffbd8..b8698f4ee82 100644
--- a/2021/43xxx/CVE-2021-43938.json
+++ b/2021/43xxx/CVE-2021-43938.json
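Review bot: The `problemtype` value `CWE-200 Information Exposure` does not match this record's `TITLE` or description, which both describe cross-site request forgery; it is identical to the value in the CVE-2021-43938 record and looks copied from it. A CSRF record would normally carry `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"`. The vector's `UI:N` is also unusual for request forgery, which generally depends on a victim's browser issuing the request, so the `impact.cvss` block is worth re-checking against advisory ICSA-22-109-05. As it stands, consumers that triage by CWE will file this entry under information disclosure.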
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
 "ID": "CVE-2021-43938",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Elcomplus SmartPTT SCADA Server Information Exposure"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartPTT SCADA Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elcomplus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-05",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-05"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Elcomplus has released an update to fix these vulnerabilities and recommends users upgrade to Version 2.3.4 or later.\n\nFor more information, please contact Elcomplus support."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-22-109-05",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0985.json b/2022/0xxx/CVE-2022-0985.json
index 6cce49276da..9684be1bcc4 100644
--- a/2022/0xxx/CVE-2022-0985.json
+++ b/2022/0xxx/CVE-2022-0985.json
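Review bot: The `impact.cvss` block rates `integrityImpact` and `availabilityImpact` as `HIGH` with `attackComplexity` `HIGH`, which looks inconsistent with a description and `CWE-200` entry that cover only an unauthenticated file read; it is worth checking the vector against ICSA-22-109-05. The description string itself is ungrammatical ("is vulnerable to an unauthenticated user can request various files"); wording such as `"... allows an unauthenticated user to request various files from the server without authorization."` says the same thing. `"version_affected": "="` with `"version_value": "1.4"` marks a single release while `solution` points to 2.3.4 or later, so exact-version matching may miss intermediate releases if they are also affected.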
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0985",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "moodle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "moodle 3.11.6, moodle 3.10.10, moodle 3.9.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064117",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064117"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1011.json b/2022/1xxx/CVE-2022-1011.json
index f2a9af5dcf0..4dbeccf0375 100644
--- a/2022/1xxx/CVE-2022-1011.json
+++ b/2022/1xxx/CVE-2022-1011.json
@@ -15,7 +15,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "Kernel",
+ "product_name": "kernel",
 "version": {
 "version_data": [
 {
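Review bot: In the CVE-2022-0985 hunk, `version_value` is a free-text list (`"moodle 3.11.6, moodle 3.10.10, moodle 3.9.13"`) with no `version_affected` operator, so a consumer cannot tell whether these are affected or fixed releases and cannot match on them. One `version_data` entry per branch, each with a `version_affected` operator as the CVE-2021-43937 record in this commit uses, would make the range machine-readable. The same free-text pattern appears in the CVE-2022-1015, -1048, -1114, -1195, -1227, -1249 and -1353 hunks. Separately, `CWE-287` (improper authentication) is an odd fit for a description about a missing capability check; a missing-authorization entry such as `CWE-862` seems closer.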
@@ -49,25 +49,10 @@
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next",
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next"
 },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2022-9342e59a98",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2022-de4474b89d",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/"
- },
 {
 "refsource": "MISC",
- "name": "http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html",
- "url": "http://packetstormsecurity.com/files/166772/Linux-FUSE-Use-After-Free.html"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220425-0002/",
- "url": "https://security.netapp.com/advisory/ntap-20220425-0002/"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064855",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064855"
 }
 ]
 },
@@ -75,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too."
+ "value": "A use-after-free flaw was found in the Linux kernel\u2019s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1015.json b/2022/1xxx/CVE-2022-1015.json
index 3495edef516..71c6c8d0c83 100644
--- a/2022/1xxx/CVE-2022-1015.json
+++ b/2022/1xxx/CVE-2022-1015.json
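Review bot: The `reference_data` hunk drops four existing references (two `FEDORA` package announcements, the NetApp `CONFIRM` advisory and one `MISC` link) and leaves only the upstream commit page plus a new Bugzilla entry. This looks like a CNA resubmission overwriting references that were appended after publication rather than a deliberate removal, and it takes away the vendor-fix links downstream users patch from. If unintended, the two `FEDORA` entries and the `https://security.netapp.com/advisory/ntap-20220425-0002/` entry should be kept alongside `https://bugzilla.redhat.com/show_bug.cgi?id=2064855`. The description hunk that follows also changes "potentially privilege escalation" to "resulting in privilege escalation", a stronger impact claim than the record made before.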
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1015",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Kernel 5.16.18"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2065323",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065323"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/",
+ "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2022/q1/205",
+ "url": "https://seclists.org/oss-sec/2022/q1/205"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1048.json b/2022/1xxx/CVE-2022-1048.json
index c2a0363770f..d2d403ea539 100644
--- a/2022/1xxx/CVE-2022-1048.json
+++ b/2022/1xxx/CVE-2022-1048.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1048",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux kernel 5.17-rc9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3",
+ "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1050.json b/2022/1xxx/CVE-2022-1050.json
index 0b076bd17d9..15b70bc59de 100644
--- a/2022/1xxx/CVE-2022-1050.json
+++ b/2022/1xxx/CVE-2022-1050.json
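Review bot: `problemtype` lists only `CWE-416`, yet the description attributes the use-after-free to concurrent `hw_params` calls and a "similar race condition", so the root-cause weakness is missing. The CVE-2022-1195 record in this same commit does record the race, which leaves the two Red Hat kernel entries inconsistent. Adding a second entry to the `description` array, `{"lang": "eng", "value": "CWE-362"}`, would capture it. The middle sentence of the description ("The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls.") is also hard to parse and would benefit from rewording.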
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "qemu-kvm",
+ "product_name": "QEMU",
 "version": {
 "version_data": [
 {
- "version_value": "QEMU <= 6.2.0"
+ "version_value": "qemu 2.20.1"
 }
 ]
 }
@@ -46,8 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html",
- "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2069625",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069625"
 }
 ]
 },
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition."
+ "value": "A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1114.json b/2022/1xxx/CVE-2022-1114.json
index 82bd74dcaf5..bf12a8b80df 100644
--- a/2022/1xxx/CVE-2022-1114.json
+++ b/2022/1xxx/CVE-2022-1114.json
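Review bot: The first hunk replaces `"QEMU <= 6.2.0"` with `"qemu 2.20.1"`, which drops the upper-bound range and names a version that does not look like a QEMU release number (possibly a typo), so version matching against this record is likely to fail. Keeping the range in structured form, `"version_affected": "<="` with `"version_value": "6.2.0"`, would preserve what the old record stated. The second hunk also swaps the qemu-devel patch thread for the Bugzilla link instead of keeping both, so the upstream fix discussion is no longer referenced; retaining the `lists.nongnu.org` entry next to the new one avoids that loss.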
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1114",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ImageMagick",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ImageMagick6 v6.9.12-43, ImageMagick7 v7.1.0-28"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064538",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064538"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1195.json b/2022/1xxx/CVE-2022-1195.json
index 9a7c617ae33..7b65d04a82c 100644
--- a/2022/1xxx/CVE-2022-1195.json
+++ b/2022/1xxx/CVE-2022-1195.json
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1195",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "kernel 5.16 rc1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-362->CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e"
+ }
+ ]
 },
 "description": {
"description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early." } ] } diff --git a/2022/1xxx/CVE-2022-1227.json b/2022/1xxx/CVE-2022-1227.json index 3ff3868a390..690f4f22063 100644 --- a/2022/1xxx/CVE-2022-1227.json +++ b/2022/1xxx/CVE-2022-1227.json 
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1227",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "psgo",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "podman 4.0, psgo 1.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-281"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/containers/podman/issues/10941",
+ "url": "https://github.com/containers/podman/issues/10941"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1249.json b/2022/1xxx/CVE-2022-1249.json
index 5b802acbdd0..04b68fd1e0a 100644
--- a/2022/1xxx/CVE-2022-1249.json
+++ b/2022/1xxx/CVE-2022-1249.json
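Review bot: `product_name` is `psgo` while `version_value` names two different products (`"podman 4.0, psgo 1.7.2"`) and the description speaks only of Podman, so anyone searching the record by product name will not find Podman. Separate `product_data` entries for `podman` and `psgo`, each with its own `version_data`, would make both findable. The description also opens with "privilege escalation" but closes with "information disclosure or denial of service", so the stated impact should be made consistent with the `CWE-281` entry.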
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1249",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pesign",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "pesign 115"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign."
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1353.json b/2022/1xxx/CVE-2022-1353.json
index 81adefa2ce5..c27d2304cb7 100644
--- a/2022/1xxx/CVE-2022-1353.json
+++ b/2022/1xxx/CVE-2022-1353.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-1353",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "kernel 5.17 rc12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c",
+ "url": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information."
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25880.json b/2022/25xxx/CVE-2022-25880.json
index 23af250df62..5bffb24106c 100644
--- a/2022/25xxx/CVE-2022-25880.json
+++ b/2022/25xxx/CVE-2022-25880.json
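Review bot: `product_name` is `"Kernel"` here, while the CVE-2022-1011 hunk in this same commit renames `Kernel` to `kernel` and the other kernel records added here use the lowercase form; `"product_name": "kernel"` keeps them grouped for anyone querying by product. `"kernel 5.17 rc12"` also looks like a typo, since that release-candidate number is unusually high, and is worth confirming against the Bugzilla entry. `CWE-200` covers the information leak but not the system crash the description also mentions.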
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands."
+ "value": "Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx and DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands."
 }
 ]
 },
diff --git a/2022/29xxx/CVE-2022-29856.json b/2022/29xxx/CVE-2022-29856.json
index 8d8ef326186..e8eb2a779ef 100644
--- a/2022/29xxx/CVE-2022-29856.json
+++ b/2022/29xxx/CVE-2022-29856.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-29856",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-29856",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.automationanywhere.com/products/automation-360",
+ "refsource": "MISC",
+ "name": "https://www.automationanywhere.com/products/automation-360"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://dolosgroup.io/blog",
+ "url": "https://dolosgroup.io/blog"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29931.json b/2022/29xxx/CVE-2022-29931.json
new file mode 100644
index 00000000000..db89abe6aad
--- /dev/null
+++ b/2022/29xxx/CVE-2022-29931.json
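Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the product and version (Automation360 22) and the weakness, a hard-coded cryptographic key, which maps to `CWE-321`. Filling these in makes the record findable by product and by CWE instead of only by free-text search. The second reference, `https://dolosgroup.io/blog`, appears to be a blog index rather than a specific post, so it will stop leading readers to the relevant write-up as new posts are published; the first reference is a product page and does not confirm the issue either.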
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-29931",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/29xxx/CVE-2022-29932.json b/2022/29xxx/CVE-2022-29932.json
new file mode 100644
index 00000000000..63816a4c185
--- /dev/null
+++ b/2022/29xxx/CVE-2022-29932.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-29932",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file