admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 22:02:50 +00:00
parent d08b2bf254
commit 49773969f7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 229 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2022/3xxx/CVE-2022-3697.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3697",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-233",
"cweId": "CWE-233"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,12 +40,15 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ansible from 2.5.0 before 2.10"
},
{
"version_affected": "=",
"version_value": "ansible community.aws before 2.0.0"
},
{
"version_affected": "=",
"version_value": "ansible amazon.aws from 2.1.0 before 5.1.0"
}
]
@ -36,32 +60,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-233"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ansible-collections/amazon.aws/pull/1199",
"refsource": "MISC",
"name": "https://github.com/ansible-collections/amazon.aws/pull/1199",
"url": "https://github.com/ansible-collections/amazon.aws/pull/1199"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs."
"name": "https://github.com/ansible-collections/amazon.aws/pull/1199"
}
]
}

54
2022/3xxx/CVE-2022-3872.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3872",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193",
"cweId": "CWE-193"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Affected: up to latest v7.1.0-rc4"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html",
"refsource": "MISC",
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221215-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221215-0005/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
"url": "https://security.netapp.com/advisory/ntap-20221215-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221215-0005/"
}
]
}

52
2022/40xxx/CVE-2022-40704.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40704",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "unknown"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650",
"refsource": "MISC",
"name": "https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650",
"url": "https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650"
"name": "https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650"
},
{
"url": "https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640",
"refsource": "MISC",
"name": "https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640",
"url": "https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite."
"name": "https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640"
}
]
}

48
2022/4xxx/CVE-2022-4055.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4055",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-146",
"cweId": "CWE-146"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "xdg-utils 1.1.0 to and including 1.1.3"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-146"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267",
"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."
"name": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"
}
]
}

67
2022/4xxx/CVE-2022-4116.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4116",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "quarkus",
"version": {
"version_data": [
{
"version_value": "quarkus-2"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "quarkus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "quarkus-2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4116",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-4116",
"url": "https://access.redhat.com/security/cve/CVE-2022-4116"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution."
"name": "https://access.redhat.com/security/cve/CVE-2022-4116"
}
]
}

52
2022/4xxx/CVE-2022-4122.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4122",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Podman 4.3.0"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144983",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2144983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144983"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2144983"
},
{
"url": "https://github.com/containers/podman/pull/16315",
"refsource": "MISC",
"name": "https://github.com/containers/podman/pull/16315",
"url": "https://github.com/containers/podman/pull/16315"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure."
"name": "https://github.com/containers/podman/pull/16315"
}
]
}

48
2022/4xxx/CVE-2022-4123.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4123",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Podman 4.3.0"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2144989"
}
]
}

70
2022/4xxx/CVE-2022-4129.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4129",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-667->CWE-362->CWE-476",
"cweId": "CWE-667"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "up to v6.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-667->CWE-362->CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/",
"refsource": "MISC",
"name": "https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t",
"url": "https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t"
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/",
"refsource": "MISC",
"name": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub@cloudflare.com/t",
"url": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub@cloudflare.com/t"
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e4460c41bc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-b36cd53dca",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/"
"url": "https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t",
"refsource": "MISC",
"name": "https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-24041b1667",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service."
"url": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t",
"refsource": "MISC",
"name": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t"
}
]
}