admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-23 18:00:36 +00:00
parent 9f2d993002
commit 6fd1d24624
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 494 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2009/1xxx/CVE-2009-1142.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1142",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}

53
2009/1xxx/CVE-2009-1143.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1143",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}

15
2020/1xxx/CVE-2020-1045.json
View File

@ -69,6 +69,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-48fa1ad65c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318",
"url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"
},
{
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600",
"url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3699",
"url": "https://access.redhat.com/errata/RHSA-2020:3699"
}
]
}

56
2021/35xxx/CVE-2021-35284.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rizalafani/cms-php/issues/1",
"refsource": "MISC",
"name": "https://github.com/rizalafani/cms-php/issues/1"
}
]
}

6
2021/38xxx/CVE-2021-38578.json
View File

@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_value": "edk2-stable201808",
"version_value": "edk-stable202208",
"version_affected": "="
}
]
@ -74,10 +74,10 @@
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\">https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6</a><br>"
"value": "patch&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\">https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6</a><br><br>"
}
],
"value": " https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n"
"value": "patch\u00a0 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n\n"
}
],
"impact": {

133
2022/23xxx/CVE-2022-23740.json
View File

@ -1,73 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23740",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7",
"version_value": "3.7.1"
}
]
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23740",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7",
"version_value": "3.7.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-88"
}
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1",
"name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

7
2022/34xxx/CVE-2022-34526.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file."
"value": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities."
}
]
},
@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220930-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220930-0002/"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/486",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/486"
}
]
}

12
2022/36xxx/CVE-2022-36111.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability.\n\nThis issue has been patched in version 1.4.1."
"value": "immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1."
}
]
},
@ -69,16 +69,16 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8",
"refsource": "CONFIRM",
"url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8"
},
{
"name": "https://github.com/codenotary/immudb/releases/tag/v1.4.1",
"refsource": "MISC",
"url": "https://github.com/codenotary/immudb/releases/tag/v1.4.1"
},
{
"name": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8",
"refsource": "CONFIRM",
"url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8"
},
{
"name": "https://github.com/codenotary/immudb/tree/master/docs/security/vulnerabilities/linear-fake",
"refsource": "MISC",

7
2022/38xxx/CVE-2022-38266.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file."
"value": "An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/tesseract-ocr/tesseract/issues/3498",
"refsource": "MISC",
"name": "https://github.com/tesseract-ocr/tesseract/issues/3498"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"url": "https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"
}
]
}

48
2022/39xxx/CVE-2022-39833.json
View File

@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2022-39833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution",
"url": "https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request."
}
]
}

66
2022/40xxx/CVE-2022-40304.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
}
]
}

61
2022/40xxx/CVE-2022-40771.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://manageengine.com",
"refsource": "MISC",
"name": "https://manageengine.com"
},
{
"refsource": "MISC",
"name": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html",
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html"
}
]
}

61
2022/40xxx/CVE-2022-40772.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://manageengine.com",
"refsource": "MISC",
"name": "https://manageengine.com"
},
{
"refsource": "MISC",
"name": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html",
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html"
}
]
}

5
2022/42xxx/CVE-2022-42905.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/wolfSSL/wolfssl/releases",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssl/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable",
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable"
}
]
}

18
2022/4xxx/CVE-2022-4131.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}