diff --git a/2020/0xxx/CVE-2020-0427.json b/2020/0xxx/CVE-2020-0427.json index 22a96fc2bee..cb5c055104c 100644 --- a/2020/0xxx/CVE-2020-0427.json +++ b/2020/0xxx/CVE-2020-0427.json @@ -68,6 +68,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", "url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20210325-0005/", + "url": "https://www.starwindsoftware.com/security/sw-20210325-0005/" } ] }, diff --git a/2020/36xxx/CVE-2020-36322.json b/2020/36xxx/CVE-2020-36322.json index 6836ae39738..d87c7aec9bc 100644 --- a/2020/36xxx/CVE-2020-36322.json +++ b/2020/36xxx/CVE-2020-36322.json @@ -76,6 +76,11 @@ "refsource": "DEBIAN", "name": "DSA-5096", "url": "https://www.debian.org/security/2022/dsa-5096" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220816-0001/", + "url": "https://www.starwindsoftware.com/security/sw-20220816-0001/" } ] } diff --git a/2021/20xxx/CVE-2021-20271.json b/2021/20xxx/CVE-2021-20271.json index 5ddae1d092b..cec5a9c549e 100644 --- a/2021/20xxx/CVE-2021-20271.json +++ b/2021/20xxx/CVE-2021-20271.json @@ -73,6 +73,11 @@ "refsource": "GENTOO", "name": "GLSA-202107-43", "url": "https://security.gentoo.org/glsa/202107-43" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220805-0002/", + "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/" } ] }, diff --git a/2021/41xxx/CVE-2021-41617.json b/2021/41xxx/CVE-2021-41617.json index f68eee168d7..db5a171d7c5 100644 --- a/2021/41xxx/CVE-2021-41617.json +++ b/2021/41xxx/CVE-2021-41617.json @@ -101,6 +101,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220805-0001/", + "url": "https://www.starwindsoftware.com/security/sw-20220805-0001/" } ] } diff --git a/2021/42xxx/CVE-2021-42574.json b/2021/42xxx/CVE-2021-42574.json index 346777159b9..05f27ffeeef 100644 --- a/2021/42xxx/CVE-2021-42574.json +++ b/2021/42xxx/CVE-2021-42574.json @@ -131,6 +131,11 @@ "refsource": "MISC", "name": "https://www.unicode.org/reports/tr9/tr9-44.html#HL4", "url": "https://www.unicode.org/reports/tr9/tr9-44.html#HL4" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220804-0002/", + "url": "https://www.starwindsoftware.com/security/sw-20220804-0002/" } ] } diff --git a/2021/42xxx/CVE-2021-42739.json b/2021/42xxx/CVE-2021-42739.json index ba8ccbca9c5..b140710b062 100644 --- a/2021/42xxx/CVE-2021-42739.json +++ b/2021/42xxx/CVE-2021-42739.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220804-0001/", + "url": "https://www.starwindsoftware.com/security/sw-20220804-0001/" } ] }, diff --git a/2021/43xxx/CVE-2021-43527.json b/2021/43xxx/CVE-2021-43527.json index 59bb6c958a0..d68a4158984 100644 --- a/2021/43xxx/CVE-2021-43527.json +++ b/2021/43xxx/CVE-2021-43527.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220802-0001/", + "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/" } ] }, diff --git a/2022/41xxx/CVE-2022-41380.json b/2022/41xxx/CVE-2022-41380.json index a9cc256d48a..c1a8941bdfe 100644 --- a/2022/41xxx/CVE-2022-41380.json +++ b/2022/41xxx/CVE-2022-41380.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41380", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41380", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/democritus-file-system/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-file-system/" + }, + { + "url": "https://pypi.org/project/d8s-yaml/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-yaml/" + }, + { + "url": "https://github.com/democritus-project/d8s-yaml/issues/4", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-yaml/issues/4" } ] } diff --git a/2022/41xxx/CVE-2022-41381.json b/2022/41xxx/CVE-2022-41381.json index c0a56ae33c8..0e6988c7930 100644 --- a/2022/41xxx/CVE-2022-41381.json +++ b/2022/41xxx/CVE-2022-41381.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41381", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41381", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-utility/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-utility/" + }, + { + "url": "https://pypi.org/project/democritus-file-system/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-file-system/" + }, + { + "url": "https://github.com/democritus-project/d8s-utility/issues/10", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-utility/issues/10" } ] } diff --git a/2022/41xxx/CVE-2022-41382.json b/2022/41xxx/CVE-2022-41382.json index 7a8a9c00405..ad5b4915f1d 100644 --- a/2022/41xxx/CVE-2022-41382.json +++ b/2022/41xxx/CVE-2022-41382.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41382", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41382", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-json/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-json/" + }, + { + "url": "https://pypi.org/project/democritus-file-system/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-file-system/" + }, + { + "url": "https://github.com/democritus-project/d8s-json/issues/10", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-json/issues/10" } ] } diff --git a/2022/41xxx/CVE-2022-41383.json b/2022/41xxx/CVE-2022-41383.json index 4ffc42568e4..97609918030 100644 --- a/2022/41xxx/CVE-2022-41383.json +++ b/2022/41xxx/CVE-2022-41383.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41383", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41383", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-archives/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-archives/" + }, + { + "url": "https://pypi.org/project/democritus-file-system/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-file-system/" + }, + { + "url": "https://github.com/democritus-project/d8s-archives/issues/13", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-archives/issues/13" } ] } diff --git a/2022/41xxx/CVE-2022-41384.json b/2022/41xxx/CVE-2022-41384.json index 81bd53de834..5a24245e769 100644 --- a/2022/41xxx/CVE-2022-41384.json +++ b/2022/41xxx/CVE-2022-41384.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41384", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41384", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-domains/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-domains/" + }, + { + "url": "https://pypi.org/project/democritus-urls/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-urls/" + }, + { + "url": "https://github.com/democritus-project/d8s-domains/issues/9", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-domains/issues/9" } ] } diff --git a/2022/41xxx/CVE-2022-41385.json b/2022/41xxx/CVE-2022-41385.json index 423b5adc492..fc586fde93f 100644 --- a/2022/41xxx/CVE-2022-41385.json +++ b/2022/41xxx/CVE-2022-41385.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41385", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41385", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-html/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-html/" + }, + { + "url": "https://pypi.org/project/democritus-urls/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-urls/" + }, + { + "url": "https://github.com/democritus-project/d8s-html/issues/12", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-html/issues/12" } ] } diff --git a/2022/41xxx/CVE-2022-41386.json b/2022/41xxx/CVE-2022-41386.json index 2356dccdc8a..d3b4b17f52f 100644 --- a/2022/41xxx/CVE-2022-41386.json +++ b/2022/41xxx/CVE-2022-41386.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41386", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41386", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-utility/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-utility/" + }, + { + "url": "https://pypi.org/project/democritus-urls/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-urls/" + }, + { + "url": "https://github.com/democritus-project/d8s-utility/issues/11", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-utility/issues/11" } ] } diff --git a/2022/41xxx/CVE-2022-41387.json b/2022/41xxx/CVE-2022-41387.json index e256a5c5be3..4f469c8a8f5 100644 --- a/2022/41xxx/CVE-2022-41387.json +++ b/2022/41xxx/CVE-2022-41387.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41387", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41387", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-pdfs/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-pdfs/" + }, + { + "url": "https://pypi.org/project/democritus-urls/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-urls/" + }, + { + "url": "https://github.com/democritus-project/d8s-pdfs/issues/7", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-pdfs/issues/7" } ] } diff --git a/2022/41xxx/CVE-2022-41550.json b/2022/41xxx/CVE-2022-41550.json index df328d58e82..1c440f1dc06 100644 --- a/2022/41xxx/CVE-2022-41550.json +++ b/2022/41xxx/CVE-2022-41550.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41550", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41550", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://savannah.gnu.org/bugs/?63103", + "refsource": "MISC", + "name": "https://savannah.gnu.org/bugs/?63103" } ] } diff --git a/2022/42xxx/CVE-2022-42036.json b/2022/42xxx/CVE-2022-42036.json index 05d7357aa94..3134715007b 100644 --- a/2022/42xxx/CVE-2022-42036.json +++ b/2022/42xxx/CVE-2022-42036.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42036", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42036", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-urls/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-urls/" + }, + { + "url": "https://pypi.org/project/democritus-csv/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-csv/" + }, + { + "url": "https://github.com/democritus-project/d8s-urls/issues/12", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-urls/issues/12" } ] } diff --git a/2022/42xxx/CVE-2022-42037.json b/2022/42xxx/CVE-2022-42037.json index 3f544aad83d..4dfc939f21b 100644 --- a/2022/42xxx/CVE-2022-42037.json +++ b/2022/42xxx/CVE-2022-42037.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42037", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42037", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-asns/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-asns/" + }, + { + "url": "https://pypi.org/project/democritus-csv/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-csv/" + }, + { + "url": "https://github.com/democritus-project/d8s-asns/issues/9", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-asns/issues/9" } ] } diff --git a/2022/42xxx/CVE-2022-42038.json b/2022/42xxx/CVE-2022-42038.json index 465259f8196..b9a6493437c 100644 --- a/2022/42xxx/CVE-2022-42038.json +++ b/2022/42xxx/CVE-2022-42038.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42038", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42038", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-ip-addresses/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-ip-addresses/" + }, + { + "url": "https://pypi.org/project/democritus-csv/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-csv/" + }, + { + "url": "https://github.com/democritus-project/d8s-ip-addresses/issues/14", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-ip-addresses/issues/14" } ] } diff --git a/2022/42xxx/CVE-2022-42039.json b/2022/42xxx/CVE-2022-42039.json index b00a76f5cf0..e55db41415b 100644 --- a/2022/42xxx/CVE-2022-42039.json +++ b/2022/42xxx/CVE-2022-42039.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42039", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42039", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-lists/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-lists/" + }, + { + "url": "https://pypi.org/project/democritus-dicts/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-dicts/" + }, + { + "url": "https://github.com/democritus-project/d8s-lists/issues/18", + "refsource": "MISC", + "name": "https://github.com/democritus-project/d8s-lists/issues/18" } ] } diff --git a/2022/42xxx/CVE-2022-42040.json b/2022/42xxx/CVE-2022-42040.json index e38bdbecab0..b988e596c2c 100644 --- a/2022/42xxx/CVE-2022-42040.json +++ b/2022/42xxx/CVE-2022-42040.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42040", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42040", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/democritus-dicts/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-dicts/" + }, + { + "url": "https://pypi.org/project/d8s-algorithms/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-algorithms/" + }, + { + "url": "https://github.com/dadadadada111/info/issues/1", + "refsource": "MISC", + "name": "https://github.com/dadadadada111/info/issues/1" } ] } diff --git a/2022/42xxx/CVE-2022-42041.json b/2022/42xxx/CVE-2022-42041.json index 5a3ac6a0ae3..6338cab95dd 100644 --- a/2022/42xxx/CVE-2022-42041.json +++ b/2022/42xxx/CVE-2022-42041.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-file-system/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-file-system/" + }, + { + "url": "https://pypi.org/project/democritus-hashes/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-hashes/" + }, + { + "url": "https://github.com/dadadadada111/info/issues/2", + "refsource": "MISC", + "name": "https://github.com/dadadadada111/info/issues/2" } ] } diff --git a/2022/42xxx/CVE-2022-42042.json b/2022/42xxx/CVE-2022-42042.json index 59a6e5e5833..a24bf00f2fa 100644 --- a/2022/42xxx/CVE-2022-42042.json +++ b/2022/42xxx/CVE-2022-42042.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/democritus-hashes/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-hashes/" + }, + { + "url": "https://pypi.org/project/d8s-networking/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-networking/" + }, + { + "url": "https://github.com/dadadadada111/info/issues/3", + "refsource": "MISC", + "name": "https://github.com/dadadadada111/info/issues/3" } ] } diff --git a/2022/42xxx/CVE-2022-42043.json b/2022/42xxx/CVE-2022-42043.json index b7d6f7513f5..4456778fbc5 100644 --- a/2022/42xxx/CVE-2022-42043.json +++ b/2022/42xxx/CVE-2022-42043.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42043", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42043", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-xml/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-xml/" + }, + { + "url": "https://pypi.org/project/democritus-html/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-html/" + }, + { + "url": "https://github.com/dadadadada111/info/issues/5", + "refsource": "MISC", + "name": "https://github.com/dadadadada111/info/issues/5" } ] } diff --git a/2022/42xxx/CVE-2022-42044.json b/2022/42xxx/CVE-2022-42044.json index d41192f5c58..db1474c3582 100644 --- a/2022/42xxx/CVE-2022-42044.json +++ b/2022/42xxx/CVE-2022-42044.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42044", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42044", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/d8s-asns/", + "refsource": "MISC", + "name": "https://pypi.org/project/d8s-asns/" + }, + { + "url": "https://pypi.org/project/democritus-html/", + "refsource": "MISC", + "name": "https://pypi.org/project/democritus-html/" + }, + { + "url": "https://github.com/dadadadada111/info/issues/4", + "refsource": "MISC", + "name": "https://github.com/dadadadada111/info/issues/4" } ] }