From 85fac1816d1614fa24af6a9dee988a31ead6fbfd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 8 Dec 2022 20:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/41xxx/CVE-2022-41622.json | 2 +-
 2022/41xxx/CVE-2022-41717.json | 103 +++++++++++++++++++++++++++++++--
 2022/41xxx/CVE-2022-41800.json | 2 +-
 2022/44xxx/CVE-2022-44938.json | 56 ++++++++++++++++--
 2022/46xxx/CVE-2022-46832.json | 18 ++++++
 2022/46xxx/CVE-2022-46833.json | 18 ++++++
 2022/46xxx/CVE-2022-46834.json | 18 ++++++
 2022/46xxx/CVE-2022-46835.json | 18 ++++++
 2022/4xxx/CVE-2022-4367.json | 18 ++++++
 9 files changed, 240 insertions(+), 13 deletions(-)
 create mode 100644 2022/46xxx/CVE-2022-46832.json
 create mode 100644 2022/46xxx/CVE-2022-46833.json
 create mode 100644 2022/46xxx/CVE-2022-46834.json
 create mode 100644 2022/46xxx/CVE-2022-46835.json
 create mode 100644 2022/4xxx/CVE-2022-4367.json
diff --git a/2022/41xxx/CVE-2022-41622.json b/2022/41xxx/CVE-2022-41622.json
index 1ce7448e137..87975948cc2 100644
--- a/2022/41xxx/CVE-2022-41622.json
+++ b/2022/41xxx/CVE-2022-41622.json
@@ -96,7 +96,7 @@
 "engine": "Vulnogram 0.1.0-dev"
 },
 "source": {
- "discovery": "UNKNOWN"
+ "discovery": "EXTERNAL"
 },
 "credits": [
 {
diff --git a/2022/41xxx/CVE-2022-41717.json b/2022/41xxx/CVE-2022-41717.json
index ad922ce5222..d1357fb15da 100644
--- a/2022/41xxx/CVE-2022-41717.json
+++ b/2022/41xxx/CVE-2022-41717.json
@@ -1,18 +1,111 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41717",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@golang.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE 400: Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Go standard library",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "net/http",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.19.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "golang.org/x/net",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "golang.org/x/net/http2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
+ },
+ {
+ "url": "https://go.dev/issue/56350",
+ "refsource": "MISC",
+ "name": "https://go.dev/issue/56350"
+ },
+ {
+ "url": "https://go.dev/cl/455717",
+ "refsource": "MISC",
+ "name": "https://go.dev/cl/455717"
+ },
+ {
+ "url": "https://go.dev/cl/455635",
+ "refsource": "MISC",
+ "name": "https://go.dev/cl/455635"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-1144",
+ "refsource": "MISC",
+ "name": "https://pkg.go.dev/vuln/GO-2022-1144"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Josselin Costanzi"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41800.json b/2022/41xxx/CVE-2022-41800.json
index fed04b15ded..3417a896465 100644
--- a/2022/41xxx/CVE-2022-41800.json
+++ b/2022/41xxx/CVE-2022-41800.json
@@ -81,7 +81,7 @@
 "engine": "Vulnogram 0.1.0-dev"
 },
 "source": {
- "discovery": "UNKNOWN"
+ "discovery": "EXTERNAL"
 },
 "credits": [
 {
diff --git a/2022/44xxx/CVE-2022-44938.json b/2022/44xxx/CVE-2022-44938.json
index b7ce12cb4c5..7dfcc3af135 100644
--- a/2022/44xxx/CVE-2022-44938.json
+++ b/2022/44xxx/CVE-2022-44938.json
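Review bot: In CVE-2022-41717.json the `affects` block pairs `"version_value": "0"` and `"version_value": "1.19.0"` with `"version_affected": "="`, which names exact versions rather than ranges, so a scanner matching on the structured fields would flag only those literal versions and the record never states where the affected range ends. If these values are meant as range starts, a range operator such as `"version_affected": ">="` plus an upper-bound entry (`"version_affected": "<"`, `"version_value": "<FIXED_VERSION>"`, taken from the linked advisory) would express that. Separately, `"CWE 400: Uncontrolled Resource Consumption"` lacks the hyphen of the usual `CWE-400` form, which tools extracting CWE ids by pattern may not match, and `credits` uses `"lang": "en"` while the description uses `"eng"`.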
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44938",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44938",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms/",
+ "url": "https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms/"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46832.json b/2022/46xxx/CVE-2022-46832.json
new file mode 100644
index 00000000000..f3cf7e1dd5d
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46832.json
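Review bot: In CVE-2022-44938.json the affected product appears only in the free-text description ("SeedDMS v6.0.20 and v5.1.7"), while `"vendor_name"`, `"product_name"` and `"version_value"` are all `"n/a"`, so inventory or scanner tooling that matches on the structured `affects` fields cannot tie this record to an installed SeedDMS. Filling them from the description, e.g. `"product_name": "SeedDMS"` with one `version_data` entry per listed version, would make the record machine-matchable. The `problemtype` value is likewise `"n/a"`; the description points at weak reset-token generation, so a weakness id such as CWE-640 or CWE-330 would probably fit, to be confirmed against the referenced write-up. The description also does not say whether a fixed release exists, which operators will need in order to plan remediation.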
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46833.json b/2022/46xxx/CVE-2022-46833.json
new file mode 100644
index 00000000000..d0e8d341a82
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46834.json b/2022/46xxx/CVE-2022-46834.json
new file mode 100644
index 00000000000..79af8268009
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/46xxx/CVE-2022-46835.json b/2022/46xxx/CVE-2022-46835.json
new file mode 100644
index 00000000000..ff263b427ae
--- /dev/null
+++ b/2022/46xxx/CVE-2022-46835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-46835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/4xxx/CVE-2022-4367.json b/2022/4xxx/CVE-2022-4367.json
new file mode 100644
index 00000000000..7a257e7e851
--- /dev/null
+++ b/2022/4xxx/CVE-2022-4367.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-4367",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file