From 6bb1c3a6d02d4256b19ad5c7c0c454ee5d840c5e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 12 Feb 2022 03:01:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/43xxx/CVE-2021-43859.json | 10 ++++ 2021/44xxx/CVE-2021-44648.json | 10 ++++ 2021/45xxx/CVE-2021-45341.json | 5 ++ 2021/45xxx/CVE-2021-45342.json | 5 ++ 2021/45xxx/CVE-2021-45343.json | 5 ++ 2022/21xxx/CVE-2022-21699.json | 10 ++++ 2022/22xxx/CVE-2022-22765.json | 95 +++++++++++++++++++++++++++++++--- 2022/23xxx/CVE-2022-23990.json | 10 ++++ 2022/24xxx/CVE-2022-24311.json | 5 ++ 2022/24xxx/CVE-2022-24312.json | 5 ++ 2022/24xxx/CVE-2022-24313.json | 5 ++ 2022/24xxx/CVE-2022-24315.json | 5 ++ 2022/24xxx/CVE-2022-24316.json | 5 ++ 2022/24xxx/CVE-2022-24317.json | 5 ++ 14 files changed, 173 insertions(+), 7 deletions(-) diff --git a/2021/43xxx/CVE-2021-43859.json b/2021/43xxx/CVE-2021-43859.json index cd71f1ffb20..c04fed584a2 100644 --- a/2021/43xxx/CVE-2021-43859.json +++ b/2021/43xxx/CVE-2021-43859.json @@ -88,6 +88,16 @@ "refsource": "MLIST", "name": "[oss-security] 20220209 Vulnerability in Jenkins", "url": "http://www.openwall.com/lists/oss-security/2022/02/09/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ad5cf1c0dd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-983a78275c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/" } ] }, diff --git a/2021/44xxx/CVE-2021-44648.json b/2021/44xxx/CVE-2021-44648.json index ac3e0b3a3d3..8ff956ba482 100644 --- a/2021/44xxx/CVE-2021-44648.json +++ b/2021/44xxx/CVE-2021-44648.json @@ -61,6 +61,16 @@ "url": "https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/", "refsource": "MISC", "name": "https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-725db8230b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEKBMOO52RXONWKB6ZKKHTVPLF6WC3KF/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-a16e5d72fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEVTOGIJITK2N5AOOLKKMDIICZDQE6CH/" } ] } diff --git a/2021/45xxx/CVE-2021-45341.json b/2021/45xxx/CVE-2021-45341.json index effb94e584a..6f4f813adbf 100644 --- a/2021/45xxx/CVE-2021-45341.json +++ b/2021/45xxx/CVE-2021-45341.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreCAD/LibreCAD/issues/1462", "refsource": "MISC", "name": "https://github.com/LibreCAD/LibreCAD/issues/1462" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-08d7ee21f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/" } ] } diff --git a/2021/45xxx/CVE-2021-45342.json b/2021/45xxx/CVE-2021-45342.json index 1e8adef1ccc..f56c2b3932c 100644 --- a/2021/45xxx/CVE-2021-45342.json +++ b/2021/45xxx/CVE-2021-45342.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreCAD/LibreCAD/issues/1464", "refsource": "MISC", "name": "https://github.com/LibreCAD/LibreCAD/issues/1464" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-08d7ee21f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/" } ] } diff --git a/2021/45xxx/CVE-2021-45343.json b/2021/45xxx/CVE-2021-45343.json index ddb6ba73851..94277e4fbff 100644 --- a/2021/45xxx/CVE-2021-45343.json +++ b/2021/45xxx/CVE-2021-45343.json @@ -56,6 +56,11 @@ "url": "https://github.com/LibreCAD/LibreCAD/issues/1468", "refsource": "MISC", "name": "https://github.com/LibreCAD/LibreCAD/issues/1468" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-08d7ee21f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/" } ] } diff --git a/2022/21xxx/CVE-2022-21699.json b/2022/21xxx/CVE-2022-21699.json index 9d9e2bc93bc..204896cce7e 100644 --- a/2022/21xxx/CVE-2022-21699.json +++ b/2022/21xxx/CVE-2022-21699.json @@ -105,6 +105,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b58d156ab0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b9e38f8a56", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/" } ] }, diff --git a/2022/22xxx/CVE-2022-22765.json b/2022/22xxx/CVE-2022-22765.json index 95094fe2f18..65151a852e7 100644 --- a/2022/22xxx/CVE-2022-22765.json +++ b/2022/22xxx/CVE-2022-22765.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@bd.com", + "DATE_PUBLIC": "2022-02-11T21:00:00.000Z", "ID": "CVE-2022-22765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BD Viper LT System - Hardcoded Credentials" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BD Viper LT System", + "version": { + "version_data": [ + { + "version_affected": ">", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Becton Dickinson (BD)" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials", + "refsource": "CONFIRM", + "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The fix is expected in BD Viper LT system version 4.80 software release." + } + ], + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Viper\u00e2\u201e\u00a2 LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed." + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23990.json b/2022/23xxx/CVE-2022-23990.json index 73849493f3b..11fdf97880a 100644 --- a/2022/23xxx/CVE-2022-23990.json +++ b/2022/23xxx/CVE-2022-23990.json @@ -61,6 +61,16 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2022-05", "url": "https://www.tenable.com/security/tns-2022-05" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-d2abd0858e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88f6a3d290", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/" } ] } diff --git a/2022/24xxx/CVE-2022-24311.json b/2022/24xxx/CVE-2022-24311.json index e57e0455192..77f2af9faf0 100644 --- a/2022/24xxx/CVE-2022-24311.json +++ b/2022/24xxx/CVE-2022-24311.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-320/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-320/" } ] }, diff --git a/2022/24xxx/CVE-2022-24312.json b/2022/24xxx/CVE-2022-24312.json index 0d459034800..b6322efeff1 100644 --- a/2022/24xxx/CVE-2022-24312.json +++ b/2022/24xxx/CVE-2022-24312.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-321/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-321/" } ] }, diff --git a/2022/24xxx/CVE-2022-24313.json b/2022/24xxx/CVE-2022-24313.json index 2be4a9b5c43..91af903a55c 100644 --- a/2022/24xxx/CVE-2022-24313.json +++ b/2022/24xxx/CVE-2022-24313.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-325/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-325/" } ] }, diff --git a/2022/24xxx/CVE-2022-24315.json b/2022/24xxx/CVE-2022-24315.json index b98a38b4eb0..81e814e2edb 100644 --- a/2022/24xxx/CVE-2022-24315.json +++ b/2022/24xxx/CVE-2022-24315.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-322/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-322/" } ] }, diff --git a/2022/24xxx/CVE-2022-24316.json b/2022/24xxx/CVE-2022-24316.json index 99fec9bdf91..6db5d732999 100644 --- a/2022/24xxx/CVE-2022-24316.json +++ b/2022/24xxx/CVE-2022-24316.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-323/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-323/" } ] }, diff --git a/2022/24xxx/CVE-2022-24317.json b/2022/24xxx/CVE-2022-24317.json index f9efa3ec505..742401ea7f1 100644 --- a/2022/24xxx/CVE-2022-24317.json +++ b/2022/24xxx/CVE-2022-24317.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-324/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-324/" } ] },