admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-19 22:00:33 +00:00
parent f5eb5d52ee
commit 47262bbe57
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
21 changed files with 2051 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2021/46xxx/CVE-2021-46846.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2022/31xxx/CVE-2022-31684.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31684",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Reactor Netty",
"version": {
"version_data": [
{
"version_value": "Reactor Netty 1.0.11 to 1.0.23"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Server may log request headers"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://tanzu.vmware.com/security/cve-2022-31684",
"url": "https://tanzu.vmware.com/security/cve-2022-31684"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled."
}
]
}

108
2022/36xxx/CVE-2022-36795.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-36795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP software SYN cookies vulnerability CVE-2022-36795"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K52494562",
"name": "https://support.f5.com/csp/article/K52494562"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

92
2022/38xxx/CVE-2022-38107.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2022-10-18T09:41:00.000Z",
"ID": "CVE-2022-38107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SQL Sentry",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2021.18.10 and previous versions"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107"
},
{
"refsource": "MISC",
"url": "https://docs.sentryone.com/help/sentryone-platform-release-notes",
"name": "https://docs.sentryone.com/help/sentryone-platform-release-notes"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds recommends customers upgrade to SQL Sentry version 2022.4 as soon as possible."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

108
2022/41xxx/CVE-2022-41617.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K11830089",
"name": "https://support.f5.com/csp/article/K11830089"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41624.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP iRules vulnerability CVE-2022-41624"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.2"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.2"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K43024307",
"name": "https://support.f5.com/csp/article/K43024307"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41691.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "!<=",
"version_name": "16.1.x",
"version_value": "16.1.0"
},
{
"version_affected": "!>=",
"version_name": "15.1.x",
"version_value": "15.1.0"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.2"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-763 Release of Invalid Pointer or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K02694732",
"name": "https://support.f5.com/csp/article/K02694732"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

125
2022/41xxx/CVE-2022-41694.json
View File

@ -1,18 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.x",
"version_value": "8.2.0.1"
},
{
"version_affected": ">=",
"version_name": "7.1.x",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K64829234",
"name": "https://support.f5.com/csp/article/K64829234"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

124
2022/41xxx/CVE-2022-41741.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41741"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Mainline",
"version_value": "1.23.2"
},
{
"version_affected": "<",
"version_name": "Stable",
"version_value": "1.22.1"
}
]
}
},
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1"
}
]
}
},
{
"product_name": "NGINX Open Source Subscription",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R2",
"version_value": "R2 P1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R1 P1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K81926432",
"name": "https://support.f5.com/csp/article/K81926432"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
}

124
2022/41xxx/CVE-2022-41742.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41742"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Mainline",
"version_value": "1.23.2"
},
{
"version_affected": "<",
"version_name": "Stable",
"version_value": "1.22.1"
}
]
}
},
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1 "
}
]
}
},
{
"product_name": "NGINX Open Source Subscription",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R2",
"version_value": "R2 P1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R1 P1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K28112382",
"name": "https://support.f5.com/csp/article/K28112382"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
}

90
2022/41xxx/CVE-2022-41743.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "NGINX ngx_http_hls_module vulnerability CVE-2022-41743"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1 "
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K01112063",
"name": "https://support.f5.com/csp/article/K01112063"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
}

125
2022/41xxx/CVE-2022-41770.json
View File

@ -1,18 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "8.x",
"version_value": "8.0.0"
},
{
"version_affected": ">=",
"version_name": "7.1.x",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K22505850",
"name": "https://support.f5.com/csp/article/K22505850"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

100
2022/41xxx/CVE-2022-41780.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "F5OS CLI vulnerability CVE-2022-41780"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5OS-A",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.1.0"
}
]
}
},
{
"product_name": "F5OS-C",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K81701735",
"name": "https://support.f5.com/csp/article/K81701735"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

140
2022/41xxx/CVE-2022-41787.json
View File

@ -1,18 +1,146 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP DNS Express vulnerability CVE-2022-41787"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
},
{
"product_name": "BIG-IP LTM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K70569537",
"name": "https://support.f5.com/csp/article/K70569537"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41806.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP AFM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.2"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.5.1"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K00721320",
"name": "https://support.f5.com/csp/article/K00721320"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41813.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP AFM & PEM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K93723284",
"name": "https://support.f5.com/csp/article/K93723284"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41832.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP SIP vulnerability CVE-2022-41832"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K10347453",
"name": "https://support.f5.com/csp/article/K10347453"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41833.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP iRule vulnerability CVE-2022-41833"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "!<=",
"version_name": "16.1.x",
"version_value": "16.1.0"
},
{
"version_affected": "!>=",
"version_name": "15.1.x",
"version_value": "15.1.0"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K69940053",
"name": "https://support.f5.com/csp/article/K69940053"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

100
2022/41xxx/CVE-2022-41835.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "F5OS vulnerability CVE-2022-41835"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5OS-A",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.1.0"
}
]
}
},
{
"product_name": "F5OS-C",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K33484483",
"name": "https://support.f5.com/csp/article/K33484483"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41836.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K47204506",
"name": "https://support.f5.com/csp/article/K47204506"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

108
2022/41xxx/CVE-2022-41983.json
View File

@ -1,18 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "BIG-IP TMM Vulnerability CVE-2022-41983"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K31523465",
"name": "https://support.f5.com/csp/article/K31523465"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}