diff --git a/2022/20xxx/CVE-2022-20409.json b/2022/20xxx/CVE-2022-20409.json
index e88299bb5c1..cdfc798551a 100644
--- a/2022/20xxx/CVE-2022-20409.json
+++ b/2022/20xxx/CVE-2022-20409.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://source.android.com/security/bulletin/2022-10-01",
 "url": "https://source.android.com/security/bulletin/2022-10-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2ee0cab11f6626071f8a64c7792406dabdd94c8d",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2ee0cab11f6626071f8a64c7792406dabdd94c8d"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3382.json b/2022/3xxx/CVE-2022-3382.json
index bf114d925e7..6855f690dc9 100644
--- a/2022/3xxx/CVE-2022-3382.json
+++ b/2022/3xxx/CVE-2022-3382.json
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2022-10-06T18:13:00.000Z",
 "ID": "CVE-2022-3382",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HIWIN Robot System Software",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.3.21.9869"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "HIWIN"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-279-02",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-279-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-22-279-02",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3421.json b/2022/3xxx/CVE-2022-3421.json
index 64629b3a207..86109ec4af0 100644
--- a/2022/3xxx/CVE-2022-3421.json
+++ b/2022/3xxx/CVE-2022-3421.json
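Review bot: In the CVE-2022-3382 record, the `problemtype` value `CWE-284 Improper Access Control` is a pillar-level class that gives a triager very little, while the description and the vector (`AV:N`, `PR:N`, only `A:H`) describe a network-reachable, no-privilege disruption of the HRSS-to-controller connection. If advisory ICSA-22-279-02 supports a narrower weakness, it belongs here instead. Separately, `"version_affected": "="` with `"version_value": "3.3.21.9869"` marks exactly one build as affected, so a scanner matching on this record will treat every earlier build as unaffected; that is worth confirming against the advisory. The record names no fixed version, so defenders have to go to the advisory link for the mitigation.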
@@ -1,85 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@google.com", - "ID": "CVE-2022-3421", - "STATE": "PUBLIC", - "TITLE": "Privilege escalation in Google Drive for Desktop on MacOS" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Drive for Desktop MacOS", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "64.0" - } - ] - } - } - ] - }, - "vendor_name": "Google LLC" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An attacker can pre-create the `/Applications/Google\\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. 
We recommend upgrading past version 64.0" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 5.6, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-264 Permissions, Privileges, and Access Controls" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.google.com/a/answer/7577057?hl=en" - } - ] - }, - "source": { - "discovery": "UNKNOWN" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2022-3421", + "STATE": "PUBLIC", + "TITLE": "Privilege escalation in Google Drive for Desktop on MacOS" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drive for Desktop MacOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64.0" + } + ] + } + } + ] + }, + "vendor_name": "Google LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker can pre-create the `/Applications/Google\\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. 
When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.google.com/a/answer/7577057?hl=en", + "name": "https://support.google.com/a/answer/7577057?hl=en" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3517.json b/2022/3xxx/CVE-2022-3517.json index 46eef4c1ed5..21e2d894332 100644 --- a/2022/3xxx/CVE-2022-3517.json +++ b/2022/3xxx/CVE-2022-3517.json 
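Review bot: In the CVE-2022-3421 record, the affected range and the description disagree: `"version_affected": "<"` with `"version_value": "64.0"` says 64.0 is fixed, while the description ends with "We recommend upgrading past version 64.0", which reads as 64.0 still being affected. One of the two should be corrected so that version matching is unambiguous. The vector also sits oddly with the text, since the description ends in a binary running with root permissions yet the score uses `C:N` and `A:L`. Apart from the re-indentation, the visible change is `refsource` going from `CONFIRM` to `MISC` on the support.google.com link, which drops the signal that this reference is the vendor's own confirmation.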
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3517",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "minimatch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "minimatch versions prior to 3.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6",
+ "url": "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/grafana/grafana-image-renderer/issues/329",
+ "url": "https://github.com/grafana/grafana-image-renderer/issues/329"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service."
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3568.json b/2022/3xxx/CVE-2022-3568.json
new file mode 100644
index 00000000000..4d9c26fa7db
--- /dev/null
+++ b/2022/3xxx/CVE-2022-3568.json
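Review bot: In the CVE-2022-3517 record, `version_value` carries prose (`minimatch versions prior to 3.0.5`) and there is no `version_affected` operator, so tooling that compares versions cannot derive the affected range. The same fact in machine-readable form would be `"version_affected": "<", "version_value": "3.0.5"`, the shape the CVE-2022-3421 record in this commit already uses. `vendor_name` is `n/a` and the `problemtype` value is a bare `CWE-400` with no name, both of which weaken matching and triage. No `impact` block is visible in the hunk, so consumers would have to score the ReDoS themselves; the record's first three lines and its closing brace lie outside the hunk.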
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-3568",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41642.json b/2022/41xxx/CVE-2022-41642.json
new file mode 100644
index 00000000000..2497990d6a3
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41642.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41642",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41777.json b/2022/41xxx/CVE-2022-41777.json
new file mode 100644
index 00000000000..d5c8b9232ca
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41777.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41777",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/42xxx/CVE-2022-42149.json b/2022/42xxx/CVE-2022-42149.json
index 81aed275382..ec69b1b9ccd 100644
--- a/2022/42xxx/CVE-2022-42149.json
+++ b/2022/42xxx/CVE-2022-42149.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-42149",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-42149",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\\OnlinePreviewController.java."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xiaojiangxl/paper/blob/main/kkFileView/ssrf_vul_en.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xiaojiangxl/paper/blob/main/kkFileView/ssrf_vul_en.md"
 }
 ]
 }
diff --git a/2022/42xxx/CVE-2022-42496.json b/2022/42xxx/CVE-2022-42496.json
new file mode 100644
index 00000000000..b0dce7a5c5c
--- /dev/null
+++ b/2022/42xxx/CVE-2022-42496.json
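Review bot: In the CVE-2022-42149 record, every structured field is `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) even though the description itself names the product and version (kkFileView 4.0) and the weakness class (SSRF). Asset matching and CWE-based filtering will miss this entry unless they parse the free text; setting `"product_name": "kkFileView"`, `"version_value": "4.0"` and a problem type of `CWE-918 Server-Side Request Forgery (SSRF)` would close that gap. The only reference is a third-party GitHub write-up, with no vendor advisory or fix commit, so the record gives defenders nothing to check a patched version against. The record's closing brace lies outside the hunk.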
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-42496",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43379.json b/2022/43xxx/CVE-2022-43379.json
new file mode 100644
index 00000000000..3a3ecf61183
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43379.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43379",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43380.json b/2022/43xxx/CVE-2022-43380.json
new file mode 100644
index 00000000000..53a34d5c266
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43381.json b/2022/43xxx/CVE-2022-43381.json
new file mode 100644
index 00000000000..6e353d28e11
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43381.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43381",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43382.json b/2022/43xxx/CVE-2022-43382.json
new file mode 100644
index 00000000000..73bd13bbb29
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43382.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43382",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43383.json b/2022/43xxx/CVE-2022-43383.json
new file mode 100644
index 00000000000..0182745901a
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43383.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43383",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43384.json b/2022/43xxx/CVE-2022-43384.json
new file mode 100644
index 00000000000..d22a03b6e34
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43384.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43384",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43385.json b/2022/43xxx/CVE-2022-43385.json
new file mode 100644
index 00000000000..8472bdf383a
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43385.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43385",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43386.json b/2022/43xxx/CVE-2022-43386.json
new file mode 100644
index 00000000000..eef43929968
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43386.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43386",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43387.json b/2022/43xxx/CVE-2022-43387.json
new file mode 100644
index 00000000000..e212beee85f
--- /dev/null
+++ b/2022/43xxx/CVE-2022-43387.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-43387",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file