diff --git a/2017/9xxx/CVE-2017-9833.json b/2017/9xxx/CVE-2017-9833.json index f42ae8395d9..6333deabb7d 100644 --- a/2017/9xxx/CVE-2017-9833.json +++ b/2017/9xxx/CVE-2017-9833.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges." + "value": "** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable." } ] }, diff --git a/2021/33xxx/CVE-2021-33558.json b/2021/33xxx/CVE-2021-33558.json index 6dbbff08b32..11dca4a90aa 100644 --- a/2021/33xxx/CVE-2021-33558.json +++ b/2021/33xxx/CVE-2021-33558.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js." + "value": "** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/mdanzaruddin/CVE-2021-33558.", "url": "https://github.com/mdanzaruddin/CVE-2021-33558." + }, + { + "refsource": "MISC", + "name": "https://github.com/mdanzaruddin/CVE-2021-33558./issues/1", + "url": "https://github.com/mdanzaruddin/CVE-2021-33558./issues/1" } ] } 
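Review bot: The CVE-2017-9833 description now attributes the dispute to "multiple third parties", but no hunk for that file adds a reference backing the claim, whereas the CVE-2021-33558 change in this same commit adds `https://github.com/mdanzaruddin/CVE-2021-33558./issues/1`. The `references` block of CVE-2017-9833 lies outside the visible hunk, so a supporting link may already exist there. If it does not, add a `reference_data` entry pointing at the dispute source so that anyone triaging a Boa finding can verify the system-integrator attribution. Both rewritten descriptions still open by naming a Boa version, so tooling that keys on the description text will probably keep attributing these to Boa itself.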
diff --git a/2022/23xxx/CVE-2022-23486.json b/2022/23xxx/CVE-2022-23486.json
index 723fb2e92c1..24071b0fd28 100644
--- a/2022/23xxx/CVE-2022-23486.json
+++ b/2022/23xxx/CVE-2022-23486.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim\u2019s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libp2p", + "product": { + "product_data": [ + { + "product_name": "rust-libp2p", + "version": { + "version_data": [ + { + "version_value": "< 0.45.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8", + "refsource": "MISC", + "name": "https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8" + } + ] + }, + "source": { + "advisory": "GHSA-jvgw-gccv-q5p8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23487.json b/2022/23xxx/CVE-2022-23487.json index 1d18caa0310..49a26885e14 100644 --- a/2022/23xxx/CVE-2022-23487.json +++ b/2022/23xxx/CVE-2022-23487.json 
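Review bot: In the new `version_data` entry for rust-libp2p, `"version_value": "< 0.45.1"` is paired with `"version_affected": "="`, so the range operator sits inside the value string while the field meant to carry it says exact match. A consumer that honours `version_affected` would compare installed versions against the literal string "< 0.45.1" and match nothing, silently missing vulnerable nodes. Prefer `"version_value": "0.45.1", "version_affected": "<"`. The CVE-2022-23487 hunk that follows has the same pattern with `"< 0.38.0"`. Separately, the description calls the project "libp2p-rust" while `product_name` is "rust-libp2p"; a single spelling would make product matching more reliable.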
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p\u2019s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host\u2019s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libp2p", + "product": { + "product_data": [ + { + "product_name": "js-libp2p", + "version": { + "version_data": [ + { + "version_value": "< 0.38.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libp2p/js-libp2p/security/advisories/GHSA-f44q-634c-jvwv", + "refsource": "MISC", + "name": "https://github.com/libp2p/js-libp2p/security/advisories/GHSA-f44q-634c-jvwv" + } + ] + }, + "source": { + "advisory": "GHSA-f44q-634c-jvwv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/46xxx/CVE-2022-46332.json b/2022/46xxx/CVE-2022-46332.json index 3631f31a21d..8c01076fb6e 100644 --- a/2022/46xxx/CVE-2022-46332.json +++ b/2022/46xxx/CVE-2022-46332.json @@ -39,14 +39,6 @@ "product_name": "enterprise_protection", "version": { "version_data": [ - { - "version_value": "8.18.*", - "version_affected": "=" - }, - { - "version_value": "8.13.*", - "version_affected": "=" - }, { "version_value": "8.*", "version_affected": "=" diff --git a/2022/46xxx/CVE-2022-46333.json b/2022/46xxx/CVE-2022-46333.json index 2a2644b702f..50ef15cc1c9 100644 --- a/2022/46xxx/CVE-2022-46333.json +++ b/2022/46xxx/CVE-2022-46333.json 
@@ -39,14 +39,6 @@ "product_name": "enterprise_protection", "version": { "version_data": [ - { - "version_value": "8.18.*", - "version_affected": "=" - }, - { - "version_value": "8.13.*", - "version_affected": "=" - }, { "version_value": "8.*", "version_affected": "=" diff --git a/2022/46xxx/CVE-2022-46771.json b/2022/46xxx/CVE-2022-46771.json new file mode 100644 index 00000000000..371f419d079 --- /dev/null +++ b/2022/46xxx/CVE-2022-46771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-46771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46772.json b/2022/46xxx/CVE-2022-46772.json new file mode 100644 index 00000000000..f188d0a74ef --- /dev/null +++ b/2022/46xxx/CVE-2022-46772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-46772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46773.json b/2022/46xxx/CVE-2022-46773.json new file mode 100644 index 00000000000..31a3ed035ca --- /dev/null +++ b/2022/46xxx/CVE-2022-46773.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46773",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46774.json b/2022/46xxx/CVE-2022-46774.json
new file mode 100644
index 00000000000..1a62cd6d3ce
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46774.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46774",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46775.json b/2022/46xxx/CVE-2022-46775.json
new file mode 100644
index 00000000000..0a39ca37744
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46775.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46775",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46776.json b/2022/46xxx/CVE-2022-46776.json
new file mode 100644
index 00000000000..8e4a3f33ac3
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46776.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46776",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46777.json b/2022/46xxx/CVE-2022-46777.json
new file mode 100644
index 00000000000..0828db503aa
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46777.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46777",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46778.json b/2022/46xxx/CVE-2022-46778.json
new file mode 100644
index 00000000000..c3f38cad2ae
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46778.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46778",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46779.json b/2022/46xxx/CVE-2022-46779.json
new file mode 100644
index 00000000000..15ddc936256
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46779.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46779",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46780.json b/2022/46xxx/CVE-2022-46780.json
new file mode 100644
index 00000000000..06544b78312
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46780.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46780",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46781.json b/2022/46xxx/CVE-2022-46781.json
new file mode 100644
index 00000000000..c481812b0fa
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46781.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46781",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46782.json b/2022/46xxx/CVE-2022-46782.json
new file mode 100644
index 00000000000..548bde4c7e4
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46782.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46782",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46783.json b/2022/46xxx/CVE-2022-46783.json
new file mode 100644
index 00000000000..2e55bc24acc
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46783.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46783",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46784.json b/2022/46xxx/CVE-2022-46784.json
new file mode 100644
index 00000000000..73a7fcabc3b
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46784.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46784",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46785.json b/2022/46xxx/CVE-2022-46785.json
new file mode 100644
index 00000000000..8cf475e1971
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46785.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46785",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46786.json b/2022/46xxx/CVE-2022-46786.json
new file mode 100644
index 00000000000..0dfe2b05c2b
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46786.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46786",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/4xxx/CVE-2022-4341.json b/2022/4xxx/CVE-2022-4341.json
new file mode 100644
index 00000000000..4dfbd1f317e
--- /dev/null
+++ b/2022/4xxx/CVE-2022-4341.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-4341",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file