admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-05 17:00:53 +00:00
parent d83437c991
commit 844644a145
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 617 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2018/1xxx/CVE-2018-1076.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1076",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1076",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2019/10xxx/CVE-2019-10204.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2019-10204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

116
2021/28xxx/CVE-2021-28511.json
View File

@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-07-19T21:15:00.000Z",
"ID": "CVE-2021-28511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.24.0",
"version_value": "4.24.9"
},
{
"version_affected": "<=",
"version_name": "4.25.0",
"version_value": "4.25.8"
},
{
"version_affected": "<=",
"version_name": "4.26.0",
"version_value": "4.26.5"
},
{
"version_affected": "<=",
"version_name": "4.27.0",
"version_value": "4.27.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe fixed versions for the currently supported release trains are as follows:\n\n4.24.10 and later releases in the 4.24.x train\n4.25.9 and later releases in the 4.25.x train\n4.26.6 and later releases in the 4.26.x train\n4.27.4 and later releases in the 4.27.x train\n4.28.0 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "78",
"defect": [
"BUG",
"641088"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Configure a NAT \u201cdrop\u201d ACL rule for each security ACL \u201cdrop\u201d rule that should be applied to the interface that has NAT configured. This will prevent the packets from being translated at the expense of maintaining the configuration in two places."
}
]
}

55
2022/1xxx/CVE-2022-1158.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2069793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069793"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/04/08/4",
"url": "https://www.openwall.com/lists/oss-security/2022/04/08/4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition."
}
]
}

9
2022/1xxx/CVE-2022-1852.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Kernel",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linuc Kernel version prior to 5.19 rc1"
"version_value": "kernel 5.19 rc1"
}
]
}
@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9",
"url": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815"
}
]
},

50
2022/1xxx/CVE-2022-1973.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.19 rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2092542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092542"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem."
}
]
}

50
2022/27xxx/CVE-2022-27535.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."
}
]
}

91
2022/28xxx/CVE-2022-28880.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.withsecure.com/en/expertise/people",
"name": "https://www.withsecure.com/en/expertise/people"
},
{
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame",
"name": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

116
2022/29xxx/CVE-2022-29071.json
View File

@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-07-26T21:01:00.000Z",
"ID": "CVE-2022-29071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudVision Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.2"
},
{
"version_affected": "=",
"version_value": "2020.3"
},
{
"version_affected": "=",
"version_value": "2021.1"
},
{
"version_affected": "=",
"version_value": "2021.2"
},
{
"version_affected": "=",
"version_value": "2021.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nCVP 2022.1.1\nCVP 2022.2.0 (pending release)"
}
],
"source": {
"advisory": "79",
"defect": [
"BUG",
"695468"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "It is recommended for users logging into CVP to change their password and ensure that it is the same as the enable password on the switch. As a security best practice, it is recommended to restrict access to the CVP application and host operating system to trusted users/user groups and periodically rotate user passwords."
}
]
}

11
2022/2xxx/CVE-2022-2078.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Kernel",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel version prior to 5.19 rc1"
"version_value": "kernel 5.19 rc1"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE 121"
"value": "CWE-121"
}
]
}
@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2096178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096178"
}
]
},

50
2022/2xxx/CVE-2022-2668.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Keycloak 18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Expected Behavior Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2668",
"url": "https://access.redhat.com/security/cve/CVE-2022-2668"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled"
}
]
}

5
2022/30xxx/CVE-2022-30333.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"
}
]
}

98
2022/37xxx/CVE-2022-37398.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@asustor.com",
"DATE_PUBLIC": "2022-08-18T03:00:00.000Z",
"ID": "CVE-2022-37398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "A stack-based buffer overflow vulnerability was found on ADM"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ADM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.5",
"version_value": "3.5.9.RUE3"
},
{
"version_affected": "<=",
"version_name": "4.0",
"version_value": "4.0.5.RVI1"
},
{
"version_affected": "<=",
"version_name": "4.1",
"version_value": "4.1.0.RJD1"
}
]
}
}
]
},
"vendor_name": "ASUSTOR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nikita Abramov (Positive Technologies)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.asustor.com/security/security_advisory_detail?id=12",
"name": "https://www.asustor.com/security/security_advisory_detail?id=12"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}