admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-27 01:00:43 +00:00
parent 5e290e4dc3
commit 68d9e08f97
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 456 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
2022/42xxx/CVE-2022-42856.json
View File

@ -1,79 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42856",
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "13.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.7"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.."
}
]
},
"problemtype": {
"problemtype_data": [
@ -87,70 +27,86 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_value": "unspecified",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213535",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213535"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213532",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213532"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213531",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213531"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213516",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213516"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213537",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213537"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
"url": "http://seclists.org/fulldisclosure/2022/Dec/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
"url": "http://seclists.org/fulldisclosure/2022/Dec/26",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/22"
"url": "http://seclists.org/fulldisclosure/2022/Dec/21",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
"url": "http://seclists.org/fulldisclosure/2022/Dec/28",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
"url": "http://seclists.org/fulldisclosure/2022/Dec/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/22"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011",
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.."
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
}

165
2022/42xxx/CVE-2022-42863.json
View File

@ -1,79 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42863",
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "13.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
@ -87,70 +27,97 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_value": "unspecified",
"version_affected": "="
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_value": "unspecified",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213535",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213535"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213532",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213532"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213530",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213530"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213536",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213536"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213537",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213537"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
"url": "http://seclists.org/fulldisclosure/2022/Dec/20",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
"url": "http://seclists.org/fulldisclosure/2022/Dec/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
"url": "http://seclists.org/fulldisclosure/2022/Dec/26",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
"url": "http://seclists.org/fulldisclosure/2022/Dec/28",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
"url": "http://seclists.org/fulldisclosure/2022/Dec/27",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011",
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
}

165
2022/42xxx/CVE-2022-42867.json
View File

@ -1,79 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42867",
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "13.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "16.2"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
@ -87,70 +27,97 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_value": "unspecified",
"version_affected": "="
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_value": "unspecified",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213535",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213535"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213532",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213532"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213530",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213530"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213536",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213536"
},
{
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213537",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213537"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
"url": "http://seclists.org/fulldisclosure/2022/Dec/20",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
"url": "http://seclists.org/fulldisclosure/2022/Dec/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
"url": "http://seclists.org/fulldisclosure/2022/Dec/26",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
"url": "http://seclists.org/fulldisclosure/2022/Dec/28",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
"url": "http://seclists.org/fulldisclosure/2022/Dec/27",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011",
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
"url": "http://www.openwall.com/lists/oss-security/2022/12/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/12/26/1"
}
]
}

56
2022/43xxx/CVE-2022-43551.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43551",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information (CWE-319)",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,7 +40,8 @@
"version": {
"version_data": [
{
"version_value": "Fixed in curl 7.87.0"
"version_value": "Fixed in curl 7.87.0",
"version_affected": "="
}
]
}
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information (CWE-319)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/1755083",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1755083",
"url": "https://hackerone.com/reports/1755083"
"name": "https://hackerone.com/reports/1755083"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d7ee33d4ad",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/"
}
]
}

95
2022/46xxx/CVE-2022-46341.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46341",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,45 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46341",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46341",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
"name": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-c3a65f7c65",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-721a78b7e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5304",
"url": "https://www.debian.org/security/2022/dsa-5304"
"url": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5304"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd3eb7e0a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
}

95
2022/46xxx/CVE-2022-46342.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46342",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se"
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,45 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46342",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46342",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
"name": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-c3a65f7c65",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-721a78b7e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5304",
"url": "https://www.debian.org/security/2022/dsa-5304"
"url": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5304"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd3eb7e0a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
}

95
2022/46xxx/CVE-2022-46343.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46343",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,45 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46343",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46343",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
"name": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-c3a65f7c65",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-721a78b7e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5304",
"url": "https://www.debian.org/security/2022/dsa-5304"
"url": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5304"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd3eb7e0a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
}

95
2022/46xxx/CVE-2022-46344.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46344",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,45 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46344",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46344",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
"name": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-c3a65f7c65",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-721a78b7e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5304",
"url": "https://www.debian.org/security/2022/dsa-5304"
"url": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5304"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd3eb7e0a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
}

95
2022/4xxx/CVE-2022-4283.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4283",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,45 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server-1.20.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4283",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-4283",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
"name": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-c3a65f7c65",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-721a78b7e5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5304",
"url": "https://www.debian.org/security/2022/dsa-5304"
"url": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5304"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-dd3eb7e0a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
}
]
}