"-Synchronized-Data."

CVE Team 2022-09-09 18:00:35 +00:00
parent a06deed894
commit 93b652889a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 217 additions and 14 deletions


@ -123,6 +123,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0001/"
}
]
},


@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0004/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://man2html.com",
"refsource": "MISC",
"name": "http://man2html.com"
},
{
"url": "http://na.com",
"refsource": "MISC",
"name": "http://na.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933",
"url": "https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933"
}
]
}
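Review bot: The record goes PUBLIC with `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` even though the description names man2html 1.6g, so tooling that matches on the structured `affects` data will not associate this entry with the product; the CVE-2021-40648 record in the next file has the same gap. Consider filling the fields from the description, e.g. `"product_name": "man2html"` and `"version_value": "1.6g"`. The `http://na.com` reference looks like a placeholder rather than an advisory or vendor page and is worth confirming or dropping in both records. `problemtype` is also left as "n/a"; the description reads like an out-of-bounds heap write, so a CWE such as CWE-787 may fit once the submitter confirms it.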


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://man2html.com",
"refsource": "MISC",
"name": "http://man2html.com"
},
{
"url": "http://na.com",
"refsource": "MISC",
"name": "http://na.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933",
"url": "https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933"
}
]
}


@ -83,7 +83,12 @@
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0003/"
}
]
}
}
}


@ -78,6 +78,11 @@
"name": "https://github.com/redis/redis/releases/tag/7.0.4",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/7.0.4"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0002/"
}
]
},


@ -83,6 +83,11 @@
"name": "https://hackerone.com/reports/1635514",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1635514"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0006/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0006/"
}
]
},


@ -88,6 +88,11 @@
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2022-052",
"url": "https://www.drupal.org/sa-contrib-2022-052"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0007/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0007/"
}
]
},


@ -233,6 +233,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168329/Windows-Credential-Guard-Non-Constant-Time-Comparison-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/168329/Windows-Credential-Guard-Non-Constant-Time-Comparison-Information-Disclosure.html"
}
]
},
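Review bot: The added Packet Storm reference uses a plain `http://` scheme in both `name` and `url`, while the existing MSRC reference in this hunk is HTTPS. A link to third-party vulnerability write-ups fetched over cleartext can be altered in transit, and consumers that mirror or scrape references inherit that risk. If the site serves the same path over TLS (it appears to), prefer `"url": "https://packetstormsecurity.com/files/168329/Windows-Credential-Guard-Non-Constant-Time-Comparison-Information-Disclosure.html"`. The same applies to every other packetstormsecurity.com reference added in this commit (CVE-2022-34705 through CVE-2022-35822). The enclosing `reference_data` array starts outside the hunk.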


@ -215,6 +215,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168315/Windows-Credential-Guard-BCrypt-Context-Use-After-Free-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/168315/Windows-Credential-Guard-BCrypt-Context-Use-After-Free-Privilege-Escalation.html"
}
]
},


@ -278,6 +278,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168311/Windows-Kernel-Refcount-Overflow-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/168311/Windows-Kernel-Refcount-Overflow-Use-After-Free.html"
}
]
},


@ -278,6 +278,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168312/Windows-Kernel-Unchecked-Blink-Cell-Index-Invalid-Read-Write.html",
"url": "http://packetstormsecurity.com/files/168312/Windows-Kernel-Unchecked-Blink-Cell-Index-Invalid-Read-Write.html"
}
]
},


@ -233,6 +233,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168314/Windows-Credential-Guard-ASN1-Decoder-Type-Confusion-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/168314/Windows-Credential-Guard-ASN1-Decoder-Type-Confusion-Privilege-Escalation.html"
}
]
},


@ -233,6 +233,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168318/Windows-Credential-Guard-Insufficient-Checks-On-Kerberos-Encryption-Type-Use.html",
"url": "http://packetstormsecurity.com/files/168318/Windows-Credential-Guard-Insufficient-Checks-On-Kerberos-Encryption-Type-Use.html"
}
]
},


@ -247,6 +247,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34711",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34711"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168325/Windows-Credential-Guard-KerbIumCreateApReqAuthenticator-Key-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/168325/Windows-Credential-Guard-KerbIumCreateApReqAuthenticator-Key-Information-Disclosure.html"
}
]
},


@ -186,6 +186,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168326/Windows-Credential-Guard-KerbIumGetNtlmSupplementalCredential-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/168326/Windows-Credential-Guard-KerbIumGetNtlmSupplementalCredential-Information-Disclosure.html"
}
]
},


@ -66,6 +66,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168332/.NET-XML-Signature-Verification-External-Entity-Injection.html",
"url": "http://packetstormsecurity.com/files/168332/.NET-XML-Signature-Verification-External-Entity-Injection.html"
}
]
},


@ -278,6 +278,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168313/Windows-Kernel-Registry-Hive-Memory-Problems.html",
"url": "http://packetstormsecurity.com/files/168313/Windows-Kernel-Registry-Hive-Memory-Problems.html"
}
]
},


@ -233,6 +233,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168319/Windows-Credential-Guard-Kerberos-Change-Password-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/168319/Windows-Credential-Guard-Kerberos-Change-Password-Privilege-Escalation.html"
}
]
},


@ -247,6 +247,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35822",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35822"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168331/Windows-Credential-Guard-TGT-Renewal-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/168331/Windows-Credential-Guard-TGT-Renewal-Information-Disclosure.html"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly."
"value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly."
}
]
},


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/sindresorhus/file-type/releases/tag/v16.5.4",
"url": "https://github.com/sindresorhus/file-type/releases/tag/v16.5.4"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0005/"
}
]
}