diff --git a/2022/0xxx/CVE-2022-0695.json b/2022/0xxx/CVE-2022-0695.json new file mode 100644 index 00000000000..599593609b7 --- /dev/null +++ b/2022/0xxx/CVE-2022-0695.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0695", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0696.json b/2022/0xxx/CVE-2022-0696.json new file mode 100644 index 00000000000..0f72d6cd618 --- /dev/null +++ b/2022/0xxx/CVE-2022-0696.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0696", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22126.json b/2022/22xxx/CVE-2022-22126.json index 0f3ebf09d68..eb1d1c710b7 100644 --- a/2022/22xxx/CVE-2022-22126.json +++ b/2022/22xxx/CVE-2022-22126.json @@ -1,9 +1,9 @@ { "CVE_data_meta": { - "ASSIGNER": "daniel.elkabes@whitesourcesoftware.com", + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2022-22126", "STATE": "PUBLIC", - "TITLE": "Openmct XSS via the “Web Page” element" + "TITLE": "Openmct XSS via the \u201cWeb Page\u201d element" }, "affects": { "vendor": { @@ -48,7 +48,7 @@ "description_data": [ { "lang": "eng", - "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field.\n\nThis issue affects:\nnasa openmct \n1.7.7 version and prior versions;\n1.3.0 version and later versions." + "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u201cWeb Page\u201d element, that allows the injection of malicious JavaScript into the \u2018URL\u2019 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions." } ] }, @@ -86,8 +86,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" + "refsource": "MISC", + "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a", + "name": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" } ] }, @@ -95,4 +96,4 @@ "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22126", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23053.json b/2022/23xxx/CVE-2022-23053.json index 561b6ad59d1..30b174f7a32 100644 --- a/2022/23xxx/CVE-2022-23053.json +++ b/2022/23xxx/CVE-2022-23053.json @@ -1,9 +1,9 @@ { "CVE_data_meta": { - "ASSIGNER": "daniel.elkabes@whitesourcesoftware.com", + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2022-23053", "STATE": "PUBLIC", - "TITLE": "Openmct XSS via the “Condition Widget”" + "TITLE": "Openmct XSS via the \u201cCondition Widget\u201d" }, "affects": { "vendor": { @@ -48,7 +48,7 @@ "description_data": [ { "lang": "eng", - "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field.\n\nThis issue affects:\nnasa openmct \n1.7.7 version and prior versions;\n1.3.0 version and later versions." + "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u201cCondition Widget\u201d element, that allows the injection of malicious JavaScript into the \u2018URL\u2019 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions." } ] }, @@ -86,8 +86,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" + "refsource": "MISC", + "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a", + "name": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" } ] }, @@ -95,4 +96,4 @@ "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23053", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23054.json b/2022/23xxx/CVE-2022-23054.json index f0de5ec650e..695f13b1860 100644 --- a/2022/23xxx/CVE-2022-23054.json +++ b/2022/23xxx/CVE-2022-23054.json @@ -1,9 +1,9 @@ { "CVE_data_meta": { - "ASSIGNER": "daniel.elkabes@whitesourcesoftware.com", + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2022-23054", "STATE": "PUBLIC", - "TITLE": "Openmct XSS via the “Summary Widget” " + "TITLE": "Openmct XSS via the \u201cSummary Widget\u201d " }, "affects": { "vendor": { @@ -48,7 +48,7 @@ "description_data": [ { "lang": "eng", - "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field.\n\nThis issue affects:\nnasa openmct \n1.7.7 version and prior versions;\n1.3.0 version and later versions." + "value": "Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u201cSummary Widget\u201d element, that allows the injection of malicious JavaScript into the \u2018URL\u2019 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions." } ] }, @@ -86,8 +86,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" + "refsource": "MISC", + "url": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a", + "name": "https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a" } ] }, @@ -95,4 +96,4 @@ "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23054", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25258.json b/2022/25xxx/CVE-2022-25258.json index 8aab0474630..c95b2c36247 100644 --- a/2022/25xxx/CVE-2022-25258.json +++ b/2022/25xxx/CVE-2022-25258.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur." + "value": "An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur." } ] }, diff --git a/2022/25xxx/CVE-2022-25372.json b/2022/25xxx/CVE-2022-25372.json new file mode 100644 index 00000000000..d9b97710dce --- /dev/null +++ b/2022/25xxx/CVE-2022-25372.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-25372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6", + "refsource": "MISC", + "name": "https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6" + }, + { + "url": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b", + "refsource": "MISC", + "name": "https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b" + } + ] + } +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25373.json b/2022/25xxx/CVE-2022-25373.json new file mode 100644 index 00000000000..d73644d9b42 --- /dev/null +++ b/2022/25xxx/CVE-2022-25373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-25373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25374.json b/2022/25xxx/CVE-2022-25374.json new file mode 100644 index 00000000000..0a60aaec8d6 --- /dev/null +++ b/2022/25xxx/CVE-2022-25374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-25374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25375.json b/2022/25xxx/CVE-2022-25375.json new file mode 100644 index 00000000000..70f29d58182 --- /dev/null +++ b/2022/25xxx/CVE-2022-25375.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-25375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10" + }, + { + "url": "https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826" + }, + { + "url": "https://github.com/szymonh/rndis-co", + "refsource": "MISC", + "name": "https://github.com/szymonh/rndis-co" + } + ] + } +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25376.json b/2022/25xxx/CVE-2022-25376.json new file mode 100644 index 00000000000..1103be3ecd9 --- /dev/null +++ b/2022/25xxx/CVE-2022-25376.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-25376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file