admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

JPCERT/CC 2022-12-21-17-06

Browse Source
This commit is contained in:
Ikuya Fukumoto 2022-12-21 17:06:44 +09:00
parent 4f68390d3e
commit 786015f027
No known key found for this signature in database
GPG Key ID: 603034D3468A3441
5 changed files with 244 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2022/43xxx/CVE-2022-43543.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION, NTT DOCOMO, INC., and SoftBank Corp.",
"product": {
"product_data": [
{
"product_name": "KDDI +Message App for Android and for iOS, NTT DOCOMO +Message App for Android and for iOS, and SoftBank +Message App for Android and for iOS",
"version": {
"version_data": [
{
"version_value": "KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.au.com/mobile/service/plus-message/information/"
},
{
"url": "https://www.docomo.ne.jp/service/plus_message/"
},
{
"url": "https://www.softbank.jp/mobile/service/plus-message/"
},
{
"url": "https://jvn.jp/en/jp/JVN43561812/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4"
}
]
}

53
2022/44xxx/CVE-2022-44449.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zenphoto",
"product": {
"product_data": [
{
"product_name": "Zenphoto",
"version": {
"version_data": [
{
"version_value": "versions prior to 1.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zenphoto/zenphoto"
},
{
"url": "https://www.zenphoto.org/"
},
{
"url": "https://jvn.jp/en/jp/JVN06093462/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
]
}

47
2022/46xxx/CVE-2022-46282.json
View File

@ -4,14 +4,55 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OMRON Corporation",
"product": {
"product_data": [
{
"product_name": "CX-Drive",
"version": {
"version_data": [
{
"version_value": "V3.00 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU92689335/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,"
}
]
}

53
2022/46xxx/CVE-2022-46330.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Squirrel",
"product": {
"product_data": [
{
"product_name": "Installers generated by Squirrel.Windows",
"version": {
"version_data": [
{
"version_value": "2.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
},
{
"url": "https://github.com/Squirrel/Squirrel.Windows"
},
{
"url": "https://jvn.jp/en/jp/JVN29902403/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer."
}
]
}

50
2022/46xxx/CVE-2022-46662.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Corel Corporation",
"product": {
"product_data": [
{
"product_name": "Roxio Creator LJB",
"version": {
"version_data": [
{
"version_value": "version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://kb.corel.com/jp/129393"
},
{
"url": "https://jvn.jp/en/jp/JVN13075438/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)"
}
]
}