From 61fac7c7368b175a1d7964fafbf09628e38cc3e5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 12 Oct 2022 21:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/18xxx/CVE-2018-18446.json | 58 ++++++++++++++++++++++++++++--
 2018/18xxx/CVE-2018-18447.json | 58 ++++++++++++++++++++++++++++--
 2021/36xxx/CVE-2021-36369.json | 66 ++++++++++++++++++++++++++++++----
 2022/36xxx/CVE-2022-36067.json | 5 +++
 2022/40xxx/CVE-2022-40664.json | 5 +++
 2022/41xxx/CVE-2022-41316.json | 61 +++++++++++++++++++++++++++----
 6 files changed, 237 insertions(+), 16 deletions(-)
diff --git a/2018/18xxx/CVE-2018-18446.json b/2018/18xxx/CVE-2018-18446.json
index 8e209d36567..e0d0a31450f 100644
--- a/2018/18xxx/CVE-2018-18446.json
+++ b/2018/18xxx/CVE-2018-18446.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18446",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
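Review bot: The added `affects` block in CVE-2018-18446.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the description added by the same commit names the product and the fixed version (dotPDN Paint.NET before 4.1.2). A consumer that matches records against an inventory through the `affects` tree rather than the free-text description will not associate this entry with Paint.NET. I would populate the fields from the description, e.g. `"vendor_name": "dotPDN"`, `"product_name": "Paint.NET"`, `"version_value": "before 4.1.2"`. The same placeholder block is added in CVE-2018-18447.json, CVE-2021-36369.json (Dropbear through 2020.81) and CVE-2022-41316.json (HashiCorp Vault), and the same applies there.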
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dotpdn.com",
+ "refsource": "MISC",
+ "name": "https://www.dotpdn.com"
+ },
+ {
+ "url": "https://www.getpaint.net",
+ "refsource": "MISC",
+ "name": "https://www.getpaint.net"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/",
+ "url": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18447.json b/2018/18xxx/CVE-2018-18447.json
index b2d560af387..80f22a4bd95 100644
--- a/2018/18xxx/CVE-2018-18447.json
+++ b/2018/18xxx/CVE-2018-18447.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18447",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
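Review bot: In the description hunk of CVE-2018-18446.json the new `problemtype` value is `"n/a"`, yet the description on the line above uses the CWE-502 name verbatim, so tooling that groups or filters records by weakness class will miss it. I would set it to `"value": "CWE-502 Deserialization of Untrusted Data"`; the identical `"n/a"` problemtype is added in CVE-2018-18447.json. The two records are also distinguishable only by "(issue 1 of 2)" versus "(issue 2 of 2)" and carry the same three references, so a reader cannot tell which deserialization path each ID covers. A short clause naming the affected component in each description would fix that.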
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dotpdn.com",
+ "refsource": "MISC",
+ "name": "https://www.dotpdn.com"
+ },
+ {
+ "url": "https://www.getpaint.net",
+ "refsource": "MISC",
+ "name": "https://www.getpaint.net"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/",
+ "url": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36369.json b/2021/36xxx/CVE-2021-36369.json
index 287cfb26a89..abd336620b9 100644
--- a/2021/36xxx/CVE-2021-36369.json
+++ b/2021/36xxx/CVE-2021-36369.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36369",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36369",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mkj/dropbear/pull/128",
+ "refsource": "MISC",
+ "name": "https://github.com/mkj/dropbear/pull/128"
+ },
+ {
+ "url": "https://github.com/mkj/dropbear/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/mkj/dropbear/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82",
+ "url": "https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82"
 }
 ]
 }
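Review bot: The new description in CVE-2021-36369.json gives the affected range ("Dropbear through 2020.81") but never states the fixed release; a reader has to infer it from the third reference, the `DROPBEAR_2022.82` release tag. If that tag is indeed the first fixed release, appending a sentence such as `Fixed in 2022.82.` would let patch-level triage work from the description alone. The text places the flaw in the client-side SSH code, and that qualifier is worth keeping prominent: the `affects` block is all `"n/a"`, so nothing structured tells a consumer that the hosts to check are presumably those running the Dropbear client with agent forwarding rather than server-only installs.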
diff --git a/2022/36xxx/CVE-2022-36067.json b/2022/36xxx/CVE-2022-36067.json
index 8cde1cdb367..08445308d7d 100644
--- a/2022/36xxx/CVE-2022-36067.json
+++ b/2022/36xxx/CVE-2022-36067.json
@@ -88,6 +88,11 @@
 "name": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71",
 "refsource": "MISC",
 "url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067",
+ "url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
 }
 ]
 },
diff --git a/2022/40xxx/CVE-2022-40664.json b/2022/40xxx/CVE-2022-40664.json
index 2b19e8396d2..11e898836b6 100644
--- a/2022/40xxx/CVE-2022-40664.json
+++ b/2022/40xxx/CVE-2022-40664.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher",
 "url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher",
+ "url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"
 }
 ]
 },
diff --git a/2022/41xxx/CVE-2022-41316.json b/2022/41xxx/CVE-2022-41316.json
index 040fa7ff422..462edabdb55 100644
--- a/2022/41xxx/CVE-2022-41316.json
+++ b/2022/41xxx/CVE-2022-41316.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41316",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41316",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://discuss.hashicorp.com",
+ "refsource": "MISC",
+ "name": "https://discuss.hashicorp.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483",
+ "url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
 }
 ]
 }
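Review bot: The description added to CVE-2022-41316.json lists the fixed releases (1.12.0, 1.11.4, 1.10.7, 1.9.10) but gives no lower bound, so the record does not say whether release lines older than 1.9 are affected or merely unsupported. A clause stating the first affected version would remove that guess for anyone deciding what to upgrade. `problemtype` is left as `"n/a"` although the text describes a revocation list not being checked; CWE-299 (Improper Check for Certificate Revocation) looks like the fit, to be confirmed by the assigner. The first reference, the bare `https://discuss.hashicorp.com` root, adds nothing beyond the HCSEC-2022-24 thread URL that follows it.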