diff --git a/2020/12xxx/CVE-2020-12944.json b/2020/12xxx/CVE-2020-12944.json
index 4ecdb1ae5ed..6d474e444a3 100644
--- a/2020/12xxx/CVE-2020-12944.json
+++ b/2020/12xxx/CVE-2020-12944.json
@@ -1,7 +1,7 @@
 {
 "CVE_data_meta": {
 "ASSIGNER": "psirt@amd.com",
- "DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
+ "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
 "ID": "CVE-2020-12944",
 "STATE": "PUBLIC"
 },
@@ -12,34 +12,23 @@
 "product": {
 "product_data": [
 {
- "product_name": "1st Gen AMD EPYC\u2122",
+ "product_name": "Ryzen\u2122 Series ",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "NaplesPI-SP3_1.0.0.G"
+ "version_affected": "=",
+ "version_value": "various"
 }
 ]
 }
 },
 {
- "product_name": "2nd Gen AMD EPYC\u2122",
+ "product_name": " Athlon\u2122 Series ",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_value": "RomePI-SP3_1.0.0.C"
- }
- ]
- }
- },
- {
- "product_name": "3rd Gen AMD EPYC\u2122",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_value": "MilanPI-SP3_1.0.0.4"
+ "version_affected": "=",
+ "version_value": "various"
 }
 ]
 }
@@ -58,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution."
+ "value": "Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution."
 }
 ]
 },
@@ -71,7 +60,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation"
+ "value": "tbd"
 }
 ]
 }
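Review bot: The product entries added in the `@@ -12,34 +12,23 @@` hunk cannot be matched by tooling: `"version_affected": "="` with `"version_value": "various"` asserts that a version literally named "various" is affected, and the names carry stray whitespace (`"Ryzen\u2122 Series "`, `" Athlon\u2122 Series "`; the `"advisory": "AMD-SB-1027 "` line in the last hunk of this file has the same trailing space). The three EPYC entries and their firmware thresholds are removed rather than kept beside the new ones, so if the server parts are still affected that information is gone from the record. I would trim the strings, e.g. `"product_name": "Ryzen\u2122 Series"`, and replace "various" with concrete fixed versions if the bulletin names them.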
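Review bot: Replacing `"CWE-20 Improper Input Validation"` with `"tbd"` in the `@@ -71,7 +60,7 @@` hunk removes the only weakness classification this record had. The description in the same commit still says the flaw is insufficient validation of the BIOS image length, which is what CWE-20 expressed, so unless the old classification is known to be wrong the line should stay `"value": "CWE-20 Improper Input Validation"`. A placeholder such as "tbd" is also likely to be carried verbatim into downstream feeds that group records by problem type.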
@@ -81,13 +70,13 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
- "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
+ "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
 }
 ]
 },
 "source": {
- "advisory": "AMD-SB-1021",
+ "advisory": "AMD-SB-1027 ",
 "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3611.json b/2021/3xxx/CVE-2021-3611.json
index 8b1c8dfb3d1..f5a4bc01bf6 100644
--- a/2021/3xxx/CVE-2021-3611.json
+++ b/2021/3xxx/CVE-2021-3611.json
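Review bot: In the last CVE-2020-12944 hunk the only reference is switched from `amd-sb-1021` to `amd-sb-1027` instead of the new bulletin being added beside it. Anyone who triaged this CVE through the earlier bulletin loses the link, and together with the removal of the EPYC product entries the record no longer shows that it ever covered those parts. If AMD-SB-1021 still applies to this CVE, keep its `reference_data` object and append a second object for AMD-SB-1027.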
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3611",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QEMU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "QEMU versions prior to 7.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
 }
 ]
 }
diff --git a/2022/22xxx/CVE-2022-22975.json b/2022/22xxx/CVE-2022-22975.json
index 887115e0341..c84238b2b9b 100644
--- a/2022/22xxx/CVE-2022-22975.json
+++ b/2022/22xxx/CVE-2022-22975.json
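Review bot: The `affects` block added for CVE-2021-3611 is not machine-matchable: `"vendor_name": "n/a"` hides the vendor, and `"version_value": "QEMU versions prior to 7.0.0"` puts the comparison in prose with no `version_affected` operator. The CVE-2020-12944 record earlier in this commit shows the structured form, so the entry could read `"version_affected": "<"` with `"version_value": "7.0.0"`, next to a real vendor name. The CVE-2022-22975, CVE-2022-23137 and CVE-2022-23743 sections repeat the same pattern. The description's "stack overflow" paired with the broad `CWE-119` also leaves open whether this is a stack buffer overflow or stack exhaustion; a more specific CWE would help triage if the assigner knows which.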
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-22975",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pinniped",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Pinniped versions before v0.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "LDAP query injection in Pinniped Supervisor before v0.17.0 causes a malicious user to escalate privileges by changing Kubernetes group memberships when the attacker is also able to edit their own LDAP user entry"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-hvrf-5hhv-4348",
+ "url": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-hvrf-5hhv-4348"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership."
 }
 ]
 }
diff --git a/2022/23xxx/CVE-2022-23137.json b/2022/23xxx/CVE-2022-23137.json
index a0a72b80371..4122efe5d11 100644
--- a/2022/23xxx/CVE-2022-23137.json
+++ b/2022/23xxx/CVE-2022-23137.json
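Review bot: The `problemtype` value added for CVE-2022-22975 is a full sentence about impact rather than a weakness identifier, so feeds that group records by CWE will not classify it. LDAP injection has its own entry, e.g. `"value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"`. The CVE-2022-23137 section does the same with `"reflective XSS"`, where `CWE-79` would be the usual identifier. The description also misspells the resource kind as `LADPIdentityProvider`; it should read `LDAPIdentityProvider` so that operators searching for the resource name find this record.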
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-23137",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@zte.com.cn",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZXCDN",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions up to ZXCDN-IAMV8.01.01.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "reflective XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024404",
+ "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024404"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered."
 }
 ]
 }
diff --git a/2022/23xxx/CVE-2022-23743.json b/2022/23xxx/CVE-2022-23743.json
index 12e156cc727..43f2390ba85 100644
--- a/2022/23xxx/CVE-2022-23743.json
+++ b/2022/23xxx/CVE-2022-23743.json
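Review bot: `"version_value": "All versions up to ZXCDN-IAMV8.01.01.02"` in the CVE-2022-23137 section does not say whether V8.01.01.02 itself is affected, and without a `version_affected` operator a scanner cannot decide either way. Stating the bound explicitly, `"version_affected": "<="` (or `"<"` if that release carries the fix) with `"version_value": "ZXCDN-IAMV8.01.01.02"`, removes the ambiguity. Which of the two is correct has to come from the ZTE bulletin; the hunk does not show it.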
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-23743",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZoneAlarm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 15.8.200.19118"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zonealarm.com/software/extreme-security/release-history",
+ "url": "https://www.zonealarm.com/software/extreme-security/release-history"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process."
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29616.json b/2022/29xxx/CVE-2022-29616.json
index 8ee15f7185c..1ec6f940d62 100644
--- a/2022/29xxx/CVE-2022-29616.json
+++ b/2022/29xxx/CVE-2022-29616.json
@@ -4,14 +4,150 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-29616",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP NetWeaver and ABAP Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "KRNL64NUC 7.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.22EXT"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.49"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "KRNL64UC 8.04"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.22EXT"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.49"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.53"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "KERNEL 7.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.04"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.49"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.53"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.77"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.81"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.85"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.86"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.87"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.88"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SAP Host Agent",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.22"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "null",
+ "vectorString": "null",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
+ "refsource": "MISC",
+ "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3145702",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3145702"
 }
 ]
 }
diff --git a/2022/30xxx/CVE-2022-30550.json b/2022/30xxx/CVE-2022-30550.json
new file mode 100644
index 00000000000..c03da5ae1c8
--- /dev/null
+++ b/2022/30xxx/CVE-2022-30550.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-30550",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30551.json b/2022/30xxx/CVE-2022-30551.json
new file mode 100644
index 00000000000..d4a74ecd878
--- /dev/null
+++ b/2022/30xxx/CVE-2022-30551.json
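Review bot: In the `impact` block added to CVE-2022-29616, `"baseScore": "null"` and `"vectorString": "null"` are the four-character string "null", not missing values, so a consumer that reads `baseScore` as a number will either fail to parse it or record a bogus score. Either drop the `impact` object until the score is known or fill in the real CVSS 3.0 values. The version list for "SAP NetWeaver and ABAP Platform" also repeats `7.22EXT`, `7.49` and `7.53`, apparently because the kernel family prefix (`KRNL64NUC`, `KRNL64UC`, `KERNEL`) is written only on the first entry of each group; putting it on every entry, e.g. `"version_value": "KRNL64UC 7.49"`, would make the entries distinct. The hunk begins on the previous physical line of this page.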
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-30551",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file