From 77ad00268e157c0155c30a2ff4150c825fc26e6d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 25 Aug 2022 18:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/5xxx/CVE-2018-5483.json | 14 ++--- 2018/5xxx/CVE-2018-5494.json | 14 ++--- 2021/20xxx/CVE-2021-20192.json | 4 +- 2021/20xxx/CVE-2021-20258.json | 4 +- 2021/20xxx/CVE-2021-20287.json | 4 +- 2021/20xxx/CVE-2021-20301.json | 4 +- 2021/42xxx/CVE-2021-42521.json | 50 +++++++++++++++- 2021/42xxx/CVE-2021-42522.json | 50 +++++++++++++++- 2021/42xxx/CVE-2021-42523.json | 50 +++++++++++++++- 2021/43xxx/CVE-2021-43766.json | 55 +++++++++++++++++- 2021/43xxx/CVE-2021-43767.json | 55 +++++++++++++++++- 2021/4xxx/CVE-2021-4022.json | 50 +++++++++++++++- 2021/4xxx/CVE-2021-4042.json | 4 +- 2021/4xxx/CVE-2021-4141.json | 4 +- 2022/0xxx/CVE-2022-0135.json | 50 +++++++++++++++- 2022/23xxx/CVE-2022-23235.json | 50 +++++++++++++++- 2022/23xxx/CVE-2022-23715.json | 57 +++++++++++++++++-- 2022/2xxx/CVE-2022-2031.json | 50 +++++++++++++++- 2022/2xxx/CVE-2022-2255.json | 60 +++++++++++++++++++- 2022/2xxx/CVE-2022-2463.json | 87 ++++++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2464.json | 87 ++++++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2465.json | 87 ++++++++++++++++++++++++++-- 2022/2xxx/CVE-2022-2959.json | 55 +++++++++++++++++- 2022/2xxx/CVE-2022-2991.json | 55 +++++++++++++++++- 2022/2xxx/CVE-2022-2993.json | 18 ++++++ 2022/32xxx/CVE-2022-32742.json | 50 +++++++++++++++- 2022/32xxx/CVE-2022-32744.json | 50 +++++++++++++++- 2022/32xxx/CVE-2022-32745.json | 50 +++++++++++++++- 2022/32xxx/CVE-2022-32746.json | 50 +++++++++++++++- 2022/36xxx/CVE-2022-36358.json | 93 ++++++++++++++++++++++++++++-- 2022/37xxx/CVE-2022-37952.json | 101 ++++++++++++++++++++++++++++++--- 2022/37xxx/CVE-2022-37953.json | 101 ++++++++++++++++++++++++++++++--- 32 files changed, 1397 insertions(+), 116 deletions(-) create mode 100644 2022/2xxx/CVE-2022-2993.json diff --git a/2018/5xxx/CVE-2018-5483.json b/2018/5xxx/CVE-2018-5483.json index e98dffbe748..35e47b5ef3b 100644 --- a/2018/5xxx/CVE-2018-5483.json +++ b/2018/5xxx/CVE-2018-5483.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-5483", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/5xxx/CVE-2018-5494.json b/2018/5xxx/CVE-2018-5494.json index 50d89c6f4d0..68edf953842 100644 --- a/2018/5xxx/CVE-2018-5494.json +++ b/2018/5xxx/CVE-2018-5494.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-5494", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/20xxx/CVE-2021-20192.json b/2021/20xxx/CVE-2021-20192.json index 4c6e4b0c37a..38157499db8 100644 --- a/2021/20xxx/CVE-2021-20192.json +++ b/2021/20xxx/CVE-2021-20192.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-20192", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/20xxx/CVE-2021-20258.json b/2021/20xxx/CVE-2021-20258.json index 0c4d21c293e..1b3318b3c14 100644 --- a/2021/20xxx/CVE-2021-20258.json +++ b/2021/20xxx/CVE-2021-20258.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-20258", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/20xxx/CVE-2021-20287.json b/2021/20xxx/CVE-2021-20287.json index d921011c668..a3ef82c14e7 100644 --- a/2021/20xxx/CVE-2021-20287.json +++ b/2021/20xxx/CVE-2021-20287.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-20287", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/20xxx/CVE-2021-20301.json b/2021/20xxx/CVE-2021-20301.json index 0abc065330c..c9e6dab6674 100644 --- a/2021/20xxx/CVE-2021-20301.json +++ b/2021/20xxx/CVE-2021-20301.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-20301", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/42xxx/CVE-2021-42521.json b/2021/42xxx/CVE-2021-42521.json index cc9582fd5dc..4634df6b739 100644 --- a/2021/42xxx/CVE-2021-42521.json +++ b/2021/42xxx/CVE-2021-42521.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "vtk", + "version": { + "version_data": [ + { + "version_value": "VTK - 9.0.0 and before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.kitware.com/vtk/vtk/issues/17818", + "url": "https://gitlab.kitware.com/vtk/vtk/issues/17818" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application." } ] } diff --git a/2021/42xxx/CVE-2021-42522.json b/2021/42xxx/CVE-2021-42522.json index ed692d64ebf..93746656213 100644 --- a/2021/42xxx/CVE-2021-42522.json +++ b/2021/42xxx/CVE-2021-42522.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GNOME anjuta", + "version": { + "version_data": [ + { + "version_value": "anjuta - 2.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/anjuta/-/issues/12", + "url": "https://gitlab.gnome.org/GNOME/anjuta/-/issues/12" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'." } ] } diff --git a/2021/42xxx/CVE-2021-42523.json b/2021/42xxx/CVE-2021-42523.json index e5f5b042ffc..71b099aff73 100644 --- a/2021/42xxx/CVE-2021-42523.json +++ b/2021/42xxx/CVE-2021-42523.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "colord", + "version": { + "version_data": [ + { + "version_value": "colord - 1.4.4, 1.4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/hughsie/colord/issues/110", + "url": "https://github.com/hughsie/colord/issues/110" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it." } ] } diff --git a/2021/43xxx/CVE-2021-43766.json b/2021/43xxx/CVE-2021-43766.json index f10f6665c10..83ef1cbba4a 100644 --- a/2021/43xxx/CVE-2021-43766.json +++ b/2021/43xxx/CVE-2021-43766.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-43766", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Odyssey", + "version": { + "version_data": [ + { + "version_value": "Odyssey 1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.postgresql.org/support/security/CVE-2021-23214/", + "url": "https://www.postgresql.org/support/security/CVE-2021-23214/" + }, + { + "refsource": "MISC", + "name": "https://github.com/yandex/odyssey/issues/376,", + "url": "https://github.com/yandex/odyssey/issues/376," + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL." } ] } diff --git a/2021/43xxx/CVE-2021-43767.json b/2021/43xxx/CVE-2021-43767.json index 371fcd1f93a..6e039fcd50c 100644 --- a/2021/43xxx/CVE-2021-43767.json +++ b/2021/43xxx/CVE-2021-43767.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-43767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Odyssey", + "version": { + "version_data": [ + { + "version_value": "Odyssey 1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.postgresql.org/support/security/CVE-2021-23222/", + "url": "https://www.postgresql.org/support/security/CVE-2021-23222/" + }, + { + "refsource": "MISC", + "name": "https://github.com/yandex/odyssey/issues/377,", + "url": "https://github.com/yandex/odyssey/issues/377," + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL." } ] } diff --git a/2021/4xxx/CVE-2021-4022.json b/2021/4xxx/CVE-2021-4022.json index 015ffc33fff..956ff750050 100644 --- a/2021/4xxx/CVE-2021-4022.json +++ b/2021/4xxx/CVE-2021-4022.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "rizin", + "version": { + "version_data": [ + { + "version_value": "rizin 0.3.1 and before" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rizinorg/rizin/issues/2015", + "url": "https://github.com/rizinorg/rizin/issues/2015" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binarygets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address." } ] } diff --git a/2021/4xxx/CVE-2021-4042.json b/2021/4xxx/CVE-2021-4042.json index 3b5c79cc690..c66df37b3f7 100644 --- a/2021/4xxx/CVE-2021-4042.json +++ b/2021/4xxx/CVE-2021-4042.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-4042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2021/4xxx/CVE-2021-4141.json b/2021/4xxx/CVE-2021-4141.json index 6427313c4d7..cbb34c08765 100644 --- a/2021/4xxx/CVE-2021-4141.json +++ b/2021/4xxx/CVE-2021-4141.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-4141", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/0xxx/CVE-2022-0135.json b/2022/0xxx/CVE-2022-0135.json index e3b2d4c356a..92039bd90af 100644 --- a/2022/0xxx/CVE-2022-0135.json +++ b/2022/0xxx/CVE-2022-0135.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "virglrenderer", + "version": { + "version_data": [ + { + "version_value": "virglrenderer 0.8.1 and after" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2037790", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037790" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution." } ] } diff --git a/2022/23xxx/CVE-2022-23235.json b/2022/23xxx/CVE-2022-23235.json index c8f98d74c29..ff67523e86b 100644 --- a/2022/23xxx/CVE-2022-23235.json +++ b/2022/23xxx/CVE-2022-23235.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23235", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Active IQ Unified Manager", + "version": { + "version_data": [ + { + "version_value": "prior to 9.10P1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20220324-0001/", + "url": "https://security.netapp.com/advisory/ntap-20220324-0001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled." } ] } diff --git a/2022/23xxx/CVE-2022-23715.json b/2022/23xxx/CVE-2022-23715.json index f5a8aebab96..e90c9c223b3 100644 --- a/2022/23xxx/CVE-2022-23715.json +++ b/2022/23xxx/CVE-2022-23715.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", "data_format": "MITRE", + "data_type": "CVE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", "ID": "CVE-2022-23715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Elastic Cloud Enterprise", + "version": { + "version_data": [ + { + "version_value": "Versions through 3.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.elastic.co/community/security", + "refsource": "MISC", + "name": "https://www.elastic.co/community/security" + }, + { + "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore" } ] } diff --git a/2022/2xxx/CVE-2022-2031.json b/2022/2xxx/CVE-2022-2031.json index 373a3069bde..aebd0e69859 100644 --- a/2022/2xxx/CVE-2022-2031.json +++ b/2022/2xxx/CVE-2022-2031.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2022-2031.html", + "url": "https://www.samba.org/samba/security/CVE-2022-2031.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services." } ] } diff --git a/2022/2xxx/CVE-2022-2255.json b/2022/2xxx/CVE-2022-2255.json index 243619024d8..a91672685e5 100644 --- a/2022/2xxx/CVE-2022-2255.json +++ b/2022/2xxx/CVE-2022-2255.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2255", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "mod_wsgi", + "version": { + "version_data": [ + { + "version_value": "mod_wsgi versions prior to 4.9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-348" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://modwsgi.readthedocs.io/en/latest/release-notes/version-4.9.3.html", + "url": "https://modwsgi.readthedocs.io/en/latest/release-notes/version-4.9.3.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941", + "url": "https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941" + }, + { + "refsource": "MISC", + "name": "https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082", + "url": "https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L14046-L14082" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing." } ] } diff --git a/2022/2xxx/CVE-2022-2463.json b/2022/2xxx/CVE-2022-2463.json index 239bc7bc00e..d7141c996ef 100644 --- a/2022/2xxx/CVE-2022-2463.json +++ b/2022/2xxx/CVE-2022-2463.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-2463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISaGRAF Workbench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0", + "version_value": "6.6.9" + } + ] + } + } + ] + }, + "vendor_name": "Rockwell Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2464.json b/2022/2xxx/CVE-2022-2464.json index dac44c9f621..25b04da35bb 100644 --- a/2022/2xxx/CVE-2022-2464.json +++ b/2022/2xxx/CVE-2022-2464.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-2464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISaGRAF Workbench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0", + "version_value": "6.6.9" + } + ] + } + } + ] + }, + "vendor_name": "Rockwell Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2465.json b/2022/2xxx/CVE-2022-2465.json index 901b1bda8d9..e9f62ac0dca 100644 --- a/2022/2xxx/CVE-2022-2465.json +++ b/2022/2xxx/CVE-2022-2465.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-2465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ISaGRAF Workbench Deserialization of Untrusted Data CWE-502" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISaGRAF Workbench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0", + "version_value": "6.6.9" + } + ] + } + } + ] + }, + "vendor_name": "Rockwell Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2959.json b/2022/2xxx/CVE-2022-2959.json index bb9c7382053..befd1ce7ed6 100644 --- a/2022/2xxx/CVE-2022-2959.json +++ b/2022/2xxx/CVE-2022-2959.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel 5.19" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-667" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a", + "url": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system." } ] } diff --git a/2022/2xxx/CVE-2022-2991.json b/2022/2xxx/CVE-2022-2991.json index b37fcb3eb89..a7a92b292c4 100644 --- a/2022/2xxx/CVE-2022-2991.json +++ b/2022/2xxx/CVE-2022-2991.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel 5.15-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-960/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-960/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability." } ] } diff --git a/2022/2xxx/CVE-2022-2993.json b/2022/2xxx/CVE-2022-2993.json new file mode 100644 index 00000000000..93ee69fdded --- /dev/null +++ b/2022/2xxx/CVE-2022-2993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32742.json b/2022/32xxx/CVE-2022-32742.json index 5d97ab2cf72..817bc494d8d 100644 --- a/2022/32xxx/CVE-2022-32742.json +++ b/2022/32xxx/CVE-2022-32742.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2022-32742.html", + "url": "https://www.samba.org/samba/security/CVE-2022-32742.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer)." } ] } diff --git a/2022/32xxx/CVE-2022-32744.json b/2022/32xxx/CVE-2022-32744.json index d0e8ccee17b..b4974476462 100644 --- a/2022/32xxx/CVE-2022-32744.json +++ b/2022/32xxx/CVE-2022-32744.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32744", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2022-32744.html", + "url": "https://www.samba.org/samba/security/CVE-2022-32744.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover." } ] } diff --git a/2022/32xxx/CVE-2022-32745.json b/2022/32xxx/CVE-2022-32745.json index 87a6fa88a7c..0da16c6bf46 100644 --- a/2022/32xxx/CVE-2022-32745.json +++ b/2022/32xxx/CVE-2022-32745.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "(CWE-125|CWE-457)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2022-32745.html", + "url": "https://www.samba.org/samba/security/CVE-2022-32745.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault." } ] } diff --git a/2022/32xxx/CVE-2022-32746.json b/2022/32xxx/CVE-2022-32746.json index e29d9bd43c0..ec8f7cae82e 100644 --- a/2022/32xxx/CVE-2022-32746.json +++ b/2022/32xxx/CVE-2022-32746.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2022-32746.html", + "url": "https://www.samba.org/samba/security/CVE-2022-32746.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl." } ] } diff --git a/2022/36xxx/CVE-2022-36358.json b/2022/36xxx/CVE-2022-36358.json index 6e9a9e7cfa7..f3389b1284d 100644 --- a/2022/36xxx/CVE-2022-36358.json +++ b/2022/36xxx/CVE-2022-36358.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-25T10:37:00.000Z", "ID": "CVE-2022-36358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SEO Scout", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 0.9.83", + "version_value": "0.9.83" + } + ] + } + } + ] + }, + "vendor_name": "SEO Scout" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/ab-rankings-testing-tool/wordpress-seo-scout-plugin-0-9-83-cross-site-request-forgery-csrf-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/ab-rankings-testing-tool/wordpress-seo-scout-plugin-0-9-83-cross-site-request-forgery-csrf-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/ab-rankings-testing-tool/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/ab-rankings-testing-tool/" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37952.json b/2022/37xxx/CVE-2022-37952.json index 2e3f35c2cad..166deb74c63 100644 --- a/2022/37xxx/CVE-2022-37952.json +++ b/2022/37xxx/CVE-2022-37952.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "GEPowerCVD@ge.com", + "DATE_PUBLIC": "2022-08-23T21:00:00.000Z", "ID": "CVE-2022-37952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WorkstationST - Reflected XSS in iHistorian Data Display Tags" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WorkstationST", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "07.09.15" + } + ] + } + } + ] + }, + "vendor_name": "GE Gas Power" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability. " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks." + } + ] } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37953.json b/2022/37xxx/CVE-2022-37953.json index c1ac3295326..d6dcdd26b22 100644 --- a/2022/37xxx/CVE-2022-37953.json +++ b/2022/37xxx/CVE-2022-37953.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "GEPowerCVD@ge.com", + "DATE_PUBLIC": "2022-08-23T21:00:00.000Z", "ID": "CVE-2022-37953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WorkstationST - Response Splitting in AM Gateway Challenge-Response" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WorkstationST", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "07.09.15" + } + ] + } + } + ] + }, + "vendor_name": "GE Gas Power" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability. " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks." + } + ] } \ No newline at end of file