admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-14 19:00:38 +00:00
parent 681c854c38
commit 55abef5a5f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 398 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
2022/23xxx/CVE-2022-23741.json
View File

@ -77,20 +77,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17"
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17",
"name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17"
},
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12"
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12",
"name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12"
},
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9"
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9",
"name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9"
},
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5"
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5",
"name": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5"
}
]
},

13
2022/23xxx/CVE-2022-23748.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Audinate Dante Discovery, Zoom Rooms",
"product_name": "Audinate Dante Application Library for Windows",
"version": {
"version_data": [
{
"version_value": "All versions prior to and including 1.3.0.0"
"version_value": "All versions prior to and including 1.2.0"
}
]
}
@ -46,8 +46,13 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/"
"name": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/,",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/,"
},
{
"refsource": "MISC",
"name": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748",
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
}
]
},

50
2022/31xxx/CVE-2022-31700.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Access (Multiple Versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
}
]
}

50
2022/31xxx/CVE-2022-31701.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Access (Multiple Versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Authentication Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3."
}
]
}

50
2022/31xxx/CVE-2022-31702.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vRealize Network Insight (vRNI)",
"version": {
"version_data": [
{
"version_value": "6.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware vRealize Network Insight (vRNI) contains command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication."
}
]
}

50
2022/31xxx/CVE-2022-31703.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vRealize Network Insight (vRNI)",
"version": {
"version_data": [
{
"version_value": "6.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware vRealize Network Insight (vRNI) contains a directory traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server."
}
]
}

50
2022/31xxx/CVE-2022-31705.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion (Fusion), VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (8.0 prior to ESXi80a-20842819, 7.0 prior to ESXi70U3si-20841705, VMware Workstation Pro / Player (16.x prior to 16.2.5), VMware Fusion Pro / Fusion (12.x prior to 12.2.5), VMware Cloud Foundation (4.x, 3.x)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0033.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0033.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
}
]
}

12
2022/36xxx/CVE-2022-36227.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\""
"value": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\""
}
]
},
@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/libarchive/libarchive/issues/1754",
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/issues/1754"
},
{
"url": "https://github.com/libarchive/libarchive/issues/1754",
"refsource": "MISC",
@ -61,6 +66,11 @@
"refsource": "MISC",
"name": "https://bugs.gentoo.org/882521",
"url": "https://bugs.gentoo.org/882521"
},
{
"refsource": "MISC",
"name": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215",
"url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215"
}
]
}

7
2022/42xxx/CVE-2022-42919.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9."
"value": "Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9."
}
]
},
@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221209-0006/",
"url": "https://security.netapp.com/advisory/ntap-20221209-0006/"
},
{
"refsource": "MISC",
"name": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840",
"url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840"
}
]
}

5
2022/44xxx/CVE-2022-44636.json
View File

@ -56,6 +56,11 @@
"url": "https://samsung.com",
"refsource": "MISC",
"name": "https://samsung.com"
},
{
"refsource": "MISC",
"name": "https://samsungtvbounty.com/securityUpdates",
"url": "https://samsungtvbounty.com/securityUpdates"
}
]
}

18
2022/4xxx/CVE-2022-4499.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/4xxx/CVE-2022-4500.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}