admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-13 08:00:37 +00:00
parent 3befab9e38
commit 5bb8ee2e28
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 461 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2022/23xxx/CVE-2022-23505.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "auth0",
"product": {
"product_data": [
{
"product_name": "passport-wsfed-saml2",
"version": {
"version_data": [
{
"version_value": "< 4.6.3",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f",
"refsource": "MISC",
"name": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f"
}
]
},
"source": {
"advisory": "GHSA-ppjq-qxhx-m25f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

90
2022/23xxx/CVE-2022-23523.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rust-vmm",
"product": {
"product_data": [
{
"product_name": "linux-loader",
"version": {
"version_data": [
{
"version_value": "< 0.8.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6",
"refsource": "MISC",
"name": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"
},
{
"url": "https://github.com/rust-vmm/linux-loader/pull/125",
"refsource": "MISC",
"name": "https://github.com/rust-vmm/linux-loader/pull/125"
}
]
},
"source": {
"advisory": "GHSA-52h2-m2cf-9jh6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

253
2022/4xxx/CVE-2022-4098.json
View File

@ -1,17 +1,262 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wiesemann & Theis",
"product": {
"product_data": [
{
"product_name": "Com-Server ++",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server 20mA",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed 100BaseFX",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed 100BaseLX",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed 19\" 1Port",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed 19\" 4Port",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed Compact",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed Industry",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed Isolated",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed OEM",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed Office 1 Port",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed Office 4 Port",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server Highspeed PoE",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server LC",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server PoE 3 x Isolated",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
},
{
"product_name": "Com-Server UL",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-057/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2022-057/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2022-057",
"defect": [
"CERT@VDE#64297"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Wiesemann & Theis would like to thank Martin Wei\u00df for responsibly disclosing this vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2022/4xxx/CVE-2022-4442.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/4xxx/CVE-2022-4443.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/4xxx/CVE-2022-4444.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}