"-Synchronized-Data."

CVE Team 2022-10-14 15:00:49 +00:00
parent 9703a00c4d
commit 87d830c739
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
33 changed files with 451 additions and 68 deletions


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "9"
}
]


@ -19,23 +19,23 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "1905"
},
{
"version_name": "<",
"version_affected": "=",
"version_value": "2005"
},
{
"version_name": "<",
"version_affected": "=",
"version_value": "2105"
},
{
"version_name": "<",
"version_affected": "=",
"version_value": "2011"
},
{
"version_name": "<",
"version_affected": "=",
"version_value": "2205"
}
]


@ -19,11 +19,11 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "420"
},
{
"version_name": "<",
"version_affected": "=",
"version_value": "430"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "7.4"
}
]


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_name": "<",
"version_affected": "=",
"version_value": "7.4"
}
]


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "scy@openharmony.io",
"DATE_PUBLIC": "2022-10-11T00:00:00.000Z",
"ID": "CVE-2022-41686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenHarmony",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.1.x-Release",
"version_value": "3.1.2"
},
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.0.x-LTS",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "OpenHarmony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md",
"name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
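Review bot: The `problemtype` entry lists only `CWE-787 Out-of-bounds Write`, while the new description also reports an out-of-bounds read that an unprivileged process can trigger; a second description entry such as `"value": "CWE-125 Out-of-bounds Read"` would let consumers that filter by CWE see the disclosure path. The vector string combines `PR:N` with `I:L`, although the description ties the write to processes running with the system user UID, so the integrity rating may describe a different attacker than the privilege rating does. The phrase `leading sensitive to information disclosure` in both `TITLE` and the description reads as a word-order slip for `leading to sensitive information disclosure`. `TITLE` repeats most of the description instead of giving a short headline; the same applies to the CVE-2022-42463, CVE-2022-42464 and CVE-2022-42488 records later in this commit.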


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/168498/Online-Diagnostic-Lab-Management-System-1.0-SQL-Injection-Shell-Upload.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/168498/Online-Diagnostic-Lab-Management-System-1.0-SQL-Injection-Shell-Upload.html"
}
]
}
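Review bot: The record goes PUBLIC with `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `"n/a"`, even though the description names the product (Online Diagnostic Lab Management System), the version (1.0) and two weakness classes. Tools that match an asset inventory against the `affects` block or filter on CWE get no hit for this entry and have to fall back on free-text search. Filling the fields from the description, for example `"value": "CWE-89"` plus a second entry `"value": "CWE-434"` for the upload, would close that gap; whether the two issues belong under one CVE is not visible from this page. The CVE-2022-42069 record in the next section carries the same `n/a` fields, where the description points to CWE-79.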


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-42069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html"
},
{
"url": "https://packetstormsecurity.com/files/168529/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/168529/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html"
}
]
}


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "scy@openharmony.io",
"DATE_PUBLIC": "2022-10-11T00:00:00.000Z",
"ID": "CVE-2022-42463",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenHarmony",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.1.x-Release",
"version_value": "3.1.2"
}
]
}
}
]
},
"vendor_name": "OpenHarmony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md",
"name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
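Review bot: `authenication` is misspelled in both `TITLE` and the description `value`, so a keyword search for "authentication bypass" will miss this record; both should read `authentication bypass vulnerability`. `TITLE` also has `a authenication`, which should become `an authentication`. The `affects` block lists only the `OpenHarmony-v3.1.x-Release` line, whereas the CVE-2022-41686 and CVE-2022-42464 records in this commit also list `OpenHarmony-v3.0.x-LTS`, so it may be worth confirming with the assigner that the 3.0.x line is unaffected here.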


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "scy@openharmony.io",
"DATE_PUBLIC": "2022-10-11T00:00:00.000Z",
"ID": "CVE-2022-42464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenHarmony",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.1.x-Release",
"version_value": "3.1.2"
},
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.0.x-LTS",
"version_value": "3.0.6"
}
]
}
}
]
},
"vendor_name": "OpenHarmony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md",
"name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
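Review bot: The vector string scores this record with `PR:H`, but the description also states that an unprivileged process can disclose kernel pointers through the same driver, and that path is not reflected in the metrics. The CVE-2022-41686 record in this commit describes the same two-tier impact for `/dev/mmz_userdev` and uses `PR:N`, so the two entries appear to follow different scoring conventions. Consumers that prioritise on `privilegesRequired` may under-rank the information-disclosure path; one sentence in the description stating which attacker the score refers to would remove the ambiguity.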


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "scy@openharmony.io",
"DATE_PUBLIC": "2022-10-11T00:00:00.000Z",
"ID": "CVE-2022-42488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Startup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenHarmony",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "OpenHarmony-v3.1.x-Release",
"version_value": "3.1.2"
}
]
}
}
]
},
"vendor_name": "OpenHarmony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md",
"name": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
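Review bot: The problemtype `CWE-287 Improper Authentication` does not match the description, which reports missing permission validation in the param service, i.e. an authorization check rather than an identity check. `"value": "CWE-862 Missing Authorization"` looks like the closer fit, unless the assigner has details that are not shown here. `An malicious application` in `TITLE` and in the description should read `A malicious application`.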