From 7cf47a07fba26aa48dc5c5d24786143e2d7f1660 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 10 Mar 2022 17:38:17 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/43xxx/CVE-2021-43976.json | 15 ++++++
 2022/0xxx/CVE-2022-0890.json | 83 ++++++++++++++++++++++++++++---
 2022/0xxx/CVE-2022-0891.json | 89 ++++++++++++++++++++++++++++++++--
 2022/24xxx/CVE-2022-24448.json | 15 ++++++
 2022/24xxx/CVE-2022-24959.json | 10 ++++
 2022/25xxx/CVE-2022-25258.json | 15 ++++++
 2022/25xxx/CVE-2022-25375.json | 15 ++++++
 2022/26xxx/CVE-2022-26652.json | 66 ++++++++++++++++++++++---
 8 files changed, 292 insertions(+), 16 deletions(-)
diff --git a/2021/43xxx/CVE-2021-43976.json b/2021/43xxx/CVE-2021-43976.json
index d849366481a..6ae88386ae6 100644
--- a/2021/43xxx/CVE-2021-43976.json
+++ b/2021/43xxx/CVE-2021-43976.json
@@ -76,6 +76,21 @@
 "refsource": "DEBIAN",
 "name": "DSA-5092",
 "url": "https://www.debian.org/security/2022/dsa-5092"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5096",
+ "url": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0890.json b/2022/0xxx/CVE-2022-0890.json
index 1dba0b28e9d..55d0a8e27cf 100644
--- a/2022/0xxx/CVE-2022-0890.json
+++ b/2022/0xxx/CVE-2022-0890.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
 "ID": "CVE-2022-0890",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NULL Pointer Dereference in mruby/mruby"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mruby/mruby",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "mruby"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476 NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
+ },
+ {
+ "name": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa",
+ "refsource": "MISC",
+ "url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "68e09ec1-6cc7-48b8-981d-30f478c70276",
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0891.json b/2022/0xxx/CVE-2022-0891.json
index 2061329aa79..215050b1859 100644
--- a/2022/0xxx/CVE-2022-0891.json
+++ b/2022/0xxx/CVE-2022-0891.json
@@ -4,15 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0891",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "libtiff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libtiff",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=3.9.0, <=4.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in libtiff"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/380",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/380",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/382",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/382",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c",
+ "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "shahchintanh@gmail.com"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24448.json b/2022/24xxx/CVE-2022-24448.json
index bf8abd380c3..c757e8d9774 100644
--- a/2022/24xxx/CVE-2022-24448.json
+++ b/2022/24xxx/CVE-2022-24448.json
@@ -76,6 +76,21 @@
 "refsource": "DEBIAN",
 "name": "DSA-5092",
 "url": "https://www.debian.org/security/2022/dsa-5092"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5096",
+ "url": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24959.json b/2022/24xxx/CVE-2022-24959.json
index f8430cbe684..1bb8557e33e 100644
--- a/2022/24xxx/CVE-2022-24959.json
+++ b/2022/24xxx/CVE-2022-24959.json
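Review bot: In 2022/0xxx/CVE-2022-0891.json the added `vectorString` is `AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H` with no version prefix even though `version` is `3.1`; consumers that validate or version-detect from the prefix may reject it, so it should read `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"`. The description names only Version 4.3.0 while `version_value` carries `>=3.9.0, <=4.3.0` as one string with no `version_affected` operator, so automated matching has to parse free text and the two statements of scope disagree. The fix reference points at a freedesktop-sdk mirror of libtiff rather than the upstream repository used by the two issue links; an upstream commit link would be the more durable reference. The record's first three lines are outside this hunk.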
@@ -66,6 +66,16 @@
 "refsource": "DEBIAN",
 "name": "DSA-5092",
 "url": "https://www.debian.org/security/2022/dsa-5092"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5096",
+ "url": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25258.json b/2022/25xxx/CVE-2022-25258.json
index 6454b5b8224..53ef538aaba 100644
--- a/2022/25xxx/CVE-2022-25258.json
+++ b/2022/25xxx/CVE-2022-25258.json
@@ -76,6 +76,21 @@
 "refsource": "DEBIAN",
 "name": "DSA-5092",
 "url": "https://www.debian.org/security/2022/dsa-5092"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5096",
+ "url": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25375.json b/2022/25xxx/CVE-2022-25375.json
index 1d90f65e9c9..94edf5db146 100644
--- a/2022/25xxx/CVE-2022-25375.json
+++ b/2022/25xxx/CVE-2022-25375.json
@@ -76,6 +76,21 @@
 "refsource": "DEBIAN",
 "name": "DSA-5092",
 "url": "https://www.debian.org/security/2022/dsa-5092"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5096",
+ "url": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26652.json b/2022/26xxx/CVE-2022-26652.json
index c6b60cfba3e..aa8e98bf298 100644
--- a/2022/26xxx/CVE-2022-26652.json
+++ b/2022/26xxx/CVE-2022-26652.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-26652",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-26652",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nats-io/nats-server/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/nats-io/nats-server/releases"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68",
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://advisories.nats.io/CVE/CVE-2022-26652.txt",
+ "url": "https://advisories.nats.io/CVE/CVE-2022-26652.txt"
 }
 ]
 }
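Review bot: In 2022/26xxx/CVE-2022-26652.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is also `n/a`, while the description names nats-server before 2.7.4 and nats-streaming-server before 0.24.3 and calls the issue Directory Traversal. Scanners and inventory tools that match on the structured fields will not associate this record with either product, so the two products and their fixed versions belong in `vendor_data`/`version_data` and the weakness class in `problemtype_data`. The first reference is the generic `https://github.com/nats-io/nats-server/releases` page rather than a specific release, which gives a reader no fixed version to verify against. The record's closing brace appears to fall outside this hunk.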