admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-03-03 16:00:40 +00:00
parent 3120c55e22
commit 8a08ceafc4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 334 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2022/2xxx/CVE-2022-2835.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "coreDNS",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-923"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118542"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc."
}
]
}

50
2022/2xxx/CVE-2022-2837.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "coreDNS",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-923"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118543"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD."
}
]
}

55
2022/41xxx/CVE-2022-41862.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "postgresql 5.2, postgresql 14.7, postgresql 13.10, postgresql 12.14, postgresql 11.19"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2022-41862/",
"url": "https://www.postgresql.org/support/security/CVE-2022-41862/"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2165722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165722"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes."
}
]
}

15
2022/46xxx/CVE-2022-46285.json
View File

@ -48,6 +48,21 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9",
"url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9"
},
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html",
"url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148",
"url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148"
}
]
},

84
2022/4xxx/CVE-2022-4645.json
View File

@ -4,15 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4645",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "libtiff",
"product": {
"product_data": [
{
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "<=4.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read in libtiff"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/libtiff/libtiff/-/issues/277",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/277",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "wangdw.augustus@gmail.com"
}
]
}

15
2022/4xxx/CVE-2022-4883.json
View File

@ -48,6 +48,21 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160213"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9",
"url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9"
},
{
"refsource": "MISC",
"name": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html",
"url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669",
"url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669"
}
]
},

18
2023/1xxx/CVE-2023-1167.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

66
2023/26xxx/CVE-2023-26604.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-26604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7",
"url": "https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7"
},
{
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340",
"url": "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340"
},
{
"refsource": "MISC",
"name": "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/",
"url": "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/"
}
]
}