diff --git a/2022/31xxx/CVE-2022-31255.json b/2022/31xxx/CVE-2022-31255.json index 13623d7e43d..80b648d9e95 100644 --- a/2022/31xxx/CVE-2022-31255.json +++ b/2022/31xxx/CVE-2022-31255.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2022-11-04T00:00:00.000Z", "ID": "CVE-2022-31255", "STATE": "PUBLIC", @@ -68,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat.\nThis issue affects:\nSUSE Linux Enterprise Module for SUSE Manager Server 4.2\nhub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28.\nSUSE Linux Enterprise Module for SUSE Manager Server 4.3\nspacewalk-java versions prior to 4.3.39.\nSUSE Manager Server 4.2\nrelease-notes-susemanager versions prior to 4.2.10." + "value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10." } ] }, @@ -119,4 +119,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38119.json b/2022/38xxx/CVE-2022-38119.json index d3538fc07dd..838b1243f31 100644 --- a/2022/38xxx/CVE-2022-38119.json +++ b/2022/38xxx/CVE-2022-38119.json @@ -76,8 +76,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6678-e9fbe-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6678-e9fbe-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6678-e9fbe-1.html" } ] }, diff --git a/2022/38xxx/CVE-2022-38120.json b/2022/38xxx/CVE-2022-38120.json index 78e4548d87e..f80d04cb515 100644 --- a/2022/38xxx/CVE-2022-38120.json +++ b/2022/38xxx/CVE-2022-38120.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files." + "value": "UPSMON PRO\u2019s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files." } ] }, @@ -76,8 +76,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6679-a0695-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6679-a0695-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6679-a0695-1.html" } ] }, diff --git a/2022/38xxx/CVE-2022-38121.json b/2022/38xxx/CVE-2022-38121.json index 968fd38badb..d0b2f01ced6 100644 --- a/2022/38xxx/CVE-2022-38121.json +++ b/2022/38xxx/CVE-2022-38121.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file." + "value": "UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users\u2018 and administrators' account names and passwords via this unprotected configuration file." } ] }, @@ -76,8 +76,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html" } ] }, diff --git a/2022/38xxx/CVE-2022-38122.json b/2022/38xxx/CVE-2022-38122.json index b3249221198..483d65992dc 100644 --- a/2022/38xxx/CVE-2022-38122.json +++ b/2022/38xxx/CVE-2022-38122.json @@ -76,8 +76,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6681-e9650-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6681-e9650-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6681-e9650-1.html" } ] }, diff --git a/2022/39xxx/CVE-2022-39036.json b/2022/39xxx/CVE-2022-39036.json index f3142df29c8..ed184abc001 100644 --- a/2022/39xxx/CVE-2022-39036.json +++ b/2022/39xxx/CVE-2022-39036.json @@ -76,12 +76,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6682-21207-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6682-21207-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6682-21207-1.html" }, { - "refsource": "CONFIRM", - "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" + "refsource": "MISC", + "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/", + "name": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" } ] }, diff --git a/2022/39xxx/CVE-2022-39037.json b/2022/39xxx/CVE-2022-39037.json index 0902fa4f7ae..409d5b9dbc0 100644 --- a/2022/39xxx/CVE-2022-39037.json +++ b/2022/39xxx/CVE-2022-39037.json @@ -76,12 +76,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6683-57b71-1.html" + "refsource": "MISC", + "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/", + "name": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" }, { - "refsource": "CONFIRM", - "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6683-57b71-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6683-57b71-1.html" } ] }, diff --git a/2022/39xxx/CVE-2022-39038.json b/2022/39xxx/CVE-2022-39038.json index 46e796079ec..3f116f5589c 100644 --- a/2022/39xxx/CVE-2022-39038.json +++ b/2022/39xxx/CVE-2022-39038.json @@ -76,12 +76,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html" + "refsource": "MISC", + "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/", + "name": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" }, { - "refsource": "CONFIRM", - "url": "https://www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-6684-53149-1.html" } ] }, diff --git a/2022/3xxx/CVE-2022-3550.json b/2022/3xxx/CVE-2022-3550.json index 56a03b2a73e..91c01ee80ff 100644 --- a/2022/3xxx/CVE-2022-3550.json +++ b/2022/3xxx/CVE-2022-3550.json @@ -71,6 +71,11 @@ "url": "https://vuldb.com/?id.211051", "refsource": "MISC", "name": "https://vuldb.com/?id.211051" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221110 [SECURITY] [DLA 3185-1] xorg-server security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html" } ] } diff --git a/2022/3xxx/CVE-2022-3551.json b/2022/3xxx/CVE-2022-3551.json index ddcb9a1c402..bd39ed4c316 100644 --- a/2022/3xxx/CVE-2022-3551.json +++ b/2022/3xxx/CVE-2022-3551.json @@ -71,6 +71,11 @@ "url": "https://vuldb.com/?id.211052", "refsource": "MISC", "name": "https://vuldb.com/?id.211052" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221110 [SECURITY] [DLA 3185-1] xorg-server security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html" } ] } diff --git a/2022/3xxx/CVE-2022-3927.json b/2022/3xxx/CVE-2022-3927.json new file mode 100644 index 00000000000..193baf24b46 --- /dev/null +++ b/2022/3xxx/CVE-2022-3927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3928.json b/2022/3xxx/CVE-2022-3928.json new file mode 100644 index 00000000000..f57945dcd47 --- /dev/null +++ b/2022/3xxx/CVE-2022-3928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/40xxx/CVE-2022-40157.json b/2022/40xxx/CVE-2022-40157.json index 53abfb3113e..bd3f53b5e6f 100644 --- a/2022/40xxx/CVE-2022-40157.json +++ b/2022/40xxx/CVE-2022-40157.json @@ -1,85 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2022-40157", - "STATE": "PUBLIC", - "TITLE": "Stack Overflow in JXPath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-40157", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack." + "value": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/40xxx/CVE-2022-40158.json b/2022/40xxx/CVE-2022-40158.json index c4ed15ac62d..08f7f1f7203 100644 --- a/2022/40xxx/CVE-2022-40158.json +++ b/2022/40xxx/CVE-2022-40158.json @@ -1,85 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2022-40158", - "STATE": "PUBLIC", - "TITLE": "Stack Overflow in JXPath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-40158", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack." + "value": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/40xxx/CVE-2022-40159.json b/2022/40xxx/CVE-2022-40159.json index bfcef39d788..d457e14f543 100644 --- a/2022/40xxx/CVE-2022-40159.json +++ b/2022/40xxx/CVE-2022-40159.json @@ -1,85 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2022-40159", - "STATE": "PUBLIC", - "TITLE": "Stack Overflow in JXPath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-40159", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack." + "value": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/40xxx/CVE-2022-40160.json b/2022/40xxx/CVE-2022-40160.json index 81c703ca923..1c5b3706030 100644 --- a/2022/40xxx/CVE-2022-40160.json +++ b/2022/40xxx/CVE-2022-40160.json @@ -1,37 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2022-40160", - "STATE": "PUBLIC", - "TITLE": "Stack Overflow in JXPath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-40160", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -40,46 +15,55 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/40xxx/CVE-2022-40161.json b/2022/40xxx/CVE-2022-40161.json index 0a21a19a0f3..d3f063a23ba 100644 --- a/2022/40xxx/CVE-2022-40161.json +++ b/2022/40xxx/CVE-2022-40161.json @@ -1,85 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2022-40161", - "STATE": "PUBLIC", - "TITLE": "Stack Overflow in JXPath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-40161", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Those using JXPath to interpret XPath may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack." + "value": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/41xxx/CVE-2022-41852.json b/2022/41xxx/CVE-2022-41852.json index 72213ea312d..c07e6a96dd5 100644 --- a/2022/41xxx/CVE-2022-41852.json +++ b/2022/41xxx/CVE-2022-41852.json @@ -1,86 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "DATE_PUBLIC": "2022-07-28T22:00:00.000Z", - "ID": "CVE-2022-41852", - "STATE": "PUBLIC", - "TITLE": "Remote code execution in jxpath" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "jxpath", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "jxpath" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-41852", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution." + "value": "** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')" + "value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + "cweId": "CWE-470" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jxpath", + "product": { + "product_data": [ + { + "product_name": "jxpath", + "version": { + "version_data": [ + { + "version_value": "unspecified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133", + "refsource": "MISC", "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "INTERNAL" } diff --git a/2022/43xxx/CVE-2022-43753.json b/2022/43xxx/CVE-2022-43753.json index bf63ea2b7e2..f8901801b10 100644 --- a/2022/43xxx/CVE-2022-43753.json +++ b/2022/43xxx/CVE-2022-43753.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2022-11-04T00:00:00.000Z", "ID": "CVE-2022-43753", "STATE": "PUBLIC", @@ -68,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat.\nThis issue affects:\nSUSE Linux Enterprise Module for SUSE Manager Server 4.2\nhub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28.\nSUSE Linux Enterprise Module for SUSE Manager Server 4.3\nspacewalk-java versions prior to 4.3.39.\nSUSE Manager Server 4.2\nrelease-notes-susemanager versions prior to 4.2.10." + "value": "A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10." } ] }, diff --git a/2022/43xxx/CVE-2022-43754.json b/2022/43xxx/CVE-2022-43754.json index 085ccb9234a..ea9098a554a 100644 --- a/2022/43xxx/CVE-2022-43754.json +++ b/2022/43xxx/CVE-2022-43754.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@suse.de", + "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2022-11-04T00:00:00.000Z", "ID": "CVE-2022-43754", "STATE": "PUBLIC", @@ -68,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do \nThis issue affects:\nSUSE Linux Enterprise Module for SUSE Manager Server 4.2\nhub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28.\nSUSE Linux Enterprise Module for SUSE Manager Server 4.3\nspacewalk-java versions prior to 4.3.39.\nSUSE Manager Server 4.2\nrelease-notes-susemanager versions prior to 4.2.10." + "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10." } ] }, diff --git a/2022/44xxx/CVE-2022-44087.json b/2022/44xxx/CVE-2022-44087.json index 0b75a004ba6..53d56a3ff29 100644 --- a/2022/44xxx/CVE-2022-44087.json +++ b/2022/44xxx/CVE-2022-44087.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44087", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44087", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://espcms.com", + "refsource": "MISC", + "name": "http://espcms.com" + }, + { + "url": "https://gitee.com/earclink/espcms/issues/I5WSA0", + "refsource": "MISC", + "name": "https://gitee.com/earclink/espcms/issues/I5WSA0" } ] } diff --git a/2022/44xxx/CVE-2022-44088.json b/2022/44xxx/CVE-2022-44088.json index c000803c8d8..d716ca2e5fa 100644 --- a/2022/44xxx/CVE-2022-44088.json +++ b/2022/44xxx/CVE-2022-44088.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44088", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://espcms.com", + "refsource": "MISC", + "name": "http://espcms.com" + }, + { + "url": "https://gitee.com/earclink/espcms/issues/I5WSND", + "refsource": "MISC", + "name": "https://gitee.com/earclink/espcms/issues/I5WSND" } ] } diff --git a/2022/44xxx/CVE-2022-44089.json b/2022/44xxx/CVE-2022-44089.json index 6d652662107..6e47f11ec89 100644 --- a/2022/44xxx/CVE-2022-44089.json +++ b/2022/44xxx/CVE-2022-44089.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44089", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44089", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://espcms.com", + "refsource": "MISC", + "name": "http://espcms.com" + }, + { + "url": "https://gitee.com/earclink/espcms/issues/I5WSQ1", + "refsource": "MISC", + "name": "https://gitee.com/earclink/espcms/issues/I5WSQ1" } ] }