admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-11 15:00:39 +00:00
parent 54c711e2ab
commit 5fc829ef5c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 849 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2013/10xxx/CVE-2013-10010.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

106
2014/125xxx/CVE-2014-125074.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125074",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Nayshlok Voyager wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei Voyager/src/models/DatabaseAccess.java. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nayshlok",
"product": {
"product_data": [
{
"product_name": "Voyager",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218005",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218005"
},
{
"url": "https://vuldb.com/?ctiid.218005",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218005"
},
{
"url": "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae",
"refsource": "MISC",
"name": "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

111
2017/20xxx/CVE-2017-20168.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20168",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jfm-so",
"product": {
"product_data": [
{
"product_name": "piWallet",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218006",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218006"
},
{
"url": "https://vuldb.com/?ctiid.218006",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218006"
},
{
"url": "https://github.com/jfm-so/piWallet/pull/23",
"refsource": "MISC",
"name": "https://github.com/jfm-so/piWallet/pull/23"
},
{
"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb",
"refsource": "MISC",
"name": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

110
2018/25xxx/CVE-2018-25074.json Normal file
View File

@ -0,0 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25074",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Prestaul skeemas gefunden. Betroffen davon ist ein unbekannter Prozess der Datei validators/base.js. Mittels dem Manipulieren des Arguments uri mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Patch wird als 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Prestaul",
"product": {
"product_data": [
{
"product_name": "skeemas",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218003",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218003"
},
{
"url": "https://vuldb.com/?ctiid.218003",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218003"
},
{
"url": "https://github.com/Prestaul/skeemas/commit/65e94eda62dc8dc148ab3e59aa2ccc086ac448fd",
"refsource": "MISC",
"name": "https://github.com/Prestaul/skeemas/commit/65e94eda62dc8dc148ab3e59aa2ccc086ac448fd"
}
]
},
"credits": [
{
"lang": "en",
"value": "James Davis"
},
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
}
]
}
}

125
2020/36xxx/CVE-2020-36649.json Normal file
View File

@ -0,0 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-36649",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in mholt PapaParse bis 5.1.x ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei papaparse.js. Mittels Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 235a12758cd77266d2e98fd715f53536b34ad621 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mholt",
"product": {
"product_data": [
{
"product_name": "PapaParse",
"version": {
"version_data": [
{
"version_value": "5.0",
"version_affected": "="
},
{
"version_value": "5.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218004",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218004"
},
{
"url": "https://vuldb.com/?ctiid.218004",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218004"
},
{
"url": "https://github.com/mholt/PapaParse/issues/777",
"refsource": "MISC",
"name": "https://github.com/mholt/PapaParse/issues/777"
},
{
"url": "https://github.com/mholt/PapaParse/pull/779",
"refsource": "MISC",
"name": "https://github.com/mholt/PapaParse/pull/779"
},
{
"url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621",
"refsource": "MISC",
"name": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621"
},
{
"url": "https://github.com/mholt/PapaParse/releases/tag/5.2.0",
"refsource": "MISC",
"name": "https://github.com/mholt/PapaParse/releases/tag/5.2.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
}
]
}
}

67
2022/47xxx/CVE-2022-47859.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47859",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html"
},
{
"url": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20changePassword.php.md",
"refsource": "MISC",
"name": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20changePassword.php.md"
}
]
}

67
2022/47xxx/CVE-2022-47860.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47860",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html"
},
{
"url": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeProduct.php.md",
"refsource": "MISC",
"name": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeProduct.php.md"
}
]
}

67
2022/47xxx/CVE-2022-47861.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47861",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html"
},
{
"url": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeLead.php.md",
"refsource": "MISC",
"name": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeLead.php.md"
}
]
}

67
2022/47xxx/CVE-2022-47862.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47862",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html"
},
{
"url": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20ajax_represent.php%20.md",
"refsource": "MISC",
"name": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20ajax_represent.php%20.md"
}
]
}

67
2022/47xxx/CVE-2022-47864.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47864",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15933/lead-management-system-php-open-source-free-download.html"
},
{
"url": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeCategories.php.md",
"refsource": "MISC",
"name": "https://github.com/xiumulty/CVE/blob/main/Lead%20management%20system%20v1.0/sql%20in%20removeCategories.php.md"
}
]
}

55
2022/4xxx/CVE-2022-4415.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "systemd >= 247"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/12/21/3",
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/3"
},
{
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c",
"url": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
}
]
}

55
2022/4xxx/CVE-2022-4543.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/12/16/3",
"url": "https://www.openwall.com/lists/oss-security/2022/12/16/3"
},
{
"refsource": "MISC",
"name": "https://www.willsroot.io/2022/12/entrybleed.html",
"url": "https://www.willsroot.io/2022/12/entrybleed.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems."
}
]
}