diff --git a/2021/44xxx/CVE-2021-44718.json b/2021/44xxx/CVE-2021-44718.json
index 26631a87abf..0e7d81e0bc3 100644
--- a/2021/44xxx/CVE-2021-44718.json
+++ b/2021/44xxx/CVE-2021-44718.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-44718",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-44718",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.wolfssl.com/docs/security-vulnerabilities/",
+ "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"
+ },
+ {
+ "url": "https://github.com/wolfSSL/wolfssl/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/wolfSSL/wolfssl/releases"
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25370.json b/2022/25xxx/CVE-2022-25370.json
index 1c9856a0398..f00ca32dcdb 100644
--- a/2022/25xxx/CVE-2022-25370.json
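Review bot: The CVE-2021-44718 record is made PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though its own description names wolfSSL through 5.0.0, so tooling that matches on the structured `affects` block will not associate the entry with the product. Filling those fields from the description (for example `"vendor_name": "wolfSSL"`) and replacing the `"n/a"` problemtype with a CWE would make the record machine-usable; the text describes an infinite loop, which presumably maps to CWE-835. Both added references appear to be index pages (the vendor's vulnerability list and the releases list) rather than a specific advisory or fix, so a reader cannot tell which release resolves the issue. The CVE-2022-37458 hunk has the same `"n/a"` fields, with Discourse through 2.8.7 named only in the description.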
+++ b/2022/25xxx/CVE-2022-25370.json
@@ -75,6 +75,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh",
 "name": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25371.json b/2022/25xxx/CVE-2022-25371.json
index 3bbdb124236..f06e6ce6ce7 100644
--- a/2022/25xxx/CVE-2022-25371.json
+++ b/2022/25xxx/CVE-2022-25371.json
@@ -75,6 +75,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq",
 "name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"
 }
 ]
 },
diff --git a/2022/25xxx/CVE-2022-25813.json b/2022/25xxx/CVE-2022-25813.json
index bb27936bef4..f8ef1575efe 100644
--- a/2022/25xxx/CVE-2022-25813.json
+++ b/2022/25xxx/CVE-2022-25813.json
@@ -73,6 +73,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b",
 "name": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/4"
 }
 ]
 },
diff --git a/2022/27xxx/CVE-2022-27255.json b/2022/27xxx/CVE-2022-27255.json
index c70818c1574..94197fcfb11 100644
--- a/2022/27xxx/CVE-2022-27255.json
+++ b/2022/27xxx/CVE-2022-27255.json
@@ -52,15 +52,15 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://source.android.com/security/bulletin/2022-06-01",
- "refsource": "MISC",
- "name": "https://source.android.com/security/bulletin/2022-06-01"
- },
 {
 "refsource": "MISC",
 "name": "https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf",
 "url": "https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://forum.defcon.org/node/241835",
+ "url": "https://forum.defcon.org/node/241835"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29063.json b/2022/29xxx/CVE-2022-29063.json
index 822b5f4c376..98765cec063 100644
--- a/2022/29xxx/CVE-2022-29063.json
+++ b/2022/29xxx/CVE-2022-29063.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105",
 "name": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"
 }
 ]
 },
diff --git a/2022/29xxx/CVE-2022-29158.json b/2022/29xxx/CVE-2022-29158.json
index 474c4d47d76..c5f191ecf3c 100644
--- a/2022/29xxx/CVE-2022-29158.json
+++ b/2022/29xxx/CVE-2022-29158.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928",
 "name": "https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Apache OFBiz - Regular Expression Denial of Service (ReDoS) (CVE-2022-29158)",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/5"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32250.json b/2022/32xxx/CVE-2022-32250.json
index 7f0cb889988..a9e460aab11 100644
--- a/2022/32xxx/CVE-2022-32250.json
+++ b/2022/32xxx/CVE-2022-32250.json
@@ -136,6 +136,11 @@
 "refsource": "MISC",
 "name": "https://github.com/theori-io/CVE-2022-32250-exploit",
 "url": "https://github.com/theori-io/CVE-2022-32250-exploit"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"
 }
 ]
 }
diff --git a/2022/37xxx/CVE-2022-37434.json b/2022/37xxx/CVE-2022-37434.json
index 1068bee631b..1cda2f33343 100644
--- a/2022/37xxx/CVE-2022-37434.json
+++ b/2022/37xxx/CVE-2022-37434.json
@@ -106,6 +106,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20220901-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20220901-0005/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-b8232d1cca",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/"
 }
 ]
 }
diff --git a/2022/37xxx/CVE-2022-37458.json b/2022/37xxx/CVE-2022-37458.json
index eb4bd73681e..07dd7faa111 100644
--- a/2022/37xxx/CVE-2022-37458.json
+++ b/2022/37xxx/CVE-2022-37458.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-37458",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-37458",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure",
+ "url": "https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/tags",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/tags"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7",
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7"
 }
 ]
 }
diff --git a/2022/38xxx/CVE-2022-38170.json b/2022/38xxx/CVE-2022-38170.json
index 23eef0190c9..a0713fe319e 100644
--- a/2022/38xxx/CVE-2022-38170.json
+++ b/2022/38xxx/CVE-2022-38170.json
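Review bot: The first entry added to `reference_data`, `https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure`, appears to be a general page on vulnerability disclosure rather than anything about this Discourse issue, so it gives a reader nothing to confirm or triage the finding with. The `https://github.com/discourse/discourse/tags` entry is likewise a list of tags, not a fixed version. Only the GHSA advisory link looks specific to the issue; consider listing it first and dropping or replacing the generic entries with the advisory's fixed release.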
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv",
 "name": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
+ "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3028.json b/2022/3xxx/CVE-2022-3028.json
index fccb53e877a..296202f152f 100644
--- a/2022/3xxx/CVE-2022-3028.json
+++ b/2022/3xxx/CVE-2022-3028.json
@@ -53,6 +53,16 @@
 "refsource": "MISC",
 "name": "https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/",
 "url": "https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-6835ddb6d8",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-35c14ba5bb",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/"
 }
 ]
 },