admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-17 00:00:56 +00:00
parent dcbb3d1c68
commit 9fc1441d91
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 82 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
2022/1xxx/CVE-2022-1399.json
View File

@ -33,11 +33,11 @@
"credit": [
{
"lang": "eng",
"value": "Ștefania POPESCU - Team Lead, Security @ Bitdefender"
"value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"
},
{
"lang": "eng",
"value": "Ionuț LALU - Security Engineer @ Bitdefender"
"value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"
},
{
"lang": "eng",
@ -45,7 +45,7 @@
},
{
"lang": "eng",
"value": "Alexandru LAZĂR - Security Researcher @ Bitdefender"
"value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"
}
],
"data_format": "MITRE",
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Argument Injection or Modification vulnerability in the \"Change Secret\" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges.\nThis issue affects:\nDevice42 CMDB\nversion 18.01.00 and prior versions."
"value": "An Argument Injection or Modification vulnerability in the \"Change Secret\" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions."
}
]
},
@ -93,8 +93,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
"name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
}
]
},

13
2022/1xxx/CVE-2022-1400.json
View File

@ -33,11 +33,11 @@
"credit": [
{
"lang": "eng",
"value": "Ștefania POPESCU - Team Lead, Security @ Bitdefender"
"value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"
},
{
"lang": "eng",
"value": "Ionuț LALU - Security Engineer @ Bitdefender"
"value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"
},
{
"lang": "eng",
@ -45,7 +45,7 @@
},
{
"lang": "eng",
"value": "Alexandru LAZĂR - Security Researcher @ Bitdefender"
"value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"
}
],
"data_format": "MITRE",
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges.\nThis issue affects:\nDevice42 CMDB\nversions prior to 18.01.00."
"value": "Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00."
}
]
},
@ -93,8 +93,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
"name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
}
]
},

13
2022/1xxx/CVE-2022-1401.json
View File

@ -33,11 +33,11 @@
"credit": [
{
"lang": "eng",
"value": "Ștefania POPESCU - Team Lead, Security @ Bitdefender"
"value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"
},
{
"lang": "eng",
"value": "Ionuț LALU - Security Engineer @ Bitdefender"
"value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"
},
{
"lang": "eng",
@ -45,7 +45,7 @@
},
{
"lang": "eng",
"value": "Alexandru LAZĂR - Security Researcher @ Bitdefender"
"value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"
}
],
"data_format": "MITRE",
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions.\nThis issue affects:\nDevice42 CMDB\nversions prior to 18.01.00."
"value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00."
}
]
},
@ -93,8 +93,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
"name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
}
]
},

13
2022/1xxx/CVE-2022-1410.json
View File

@ -33,11 +33,11 @@
"credit": [
{
"lang": "eng",
"value": "Ștefania POPESCU - Team Lead, Security @ Bitdefender"
"value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender"
},
{
"lang": "eng",
"value": "Ionuț LALU - Security Engineer @ Bitdefender"
"value": "Ionu\u021b LALU - Security Engineer @ Bitdefender"
},
{
"lang": "eng",
@ -45,7 +45,7 @@
},
{
"lang": "eng",
"value": "Alexandru LAZĂR - Security Researcher @ Bitdefender"
"value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender"
}
],
"data_format": "MITRE",
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device.\nThis issue affects:\nDevice42 CMDB\nversion 18.01.00 and prior versions."
"value": "OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions."
}
]
},
@ -93,8 +93,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
"name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
}
]
},

18
2022/2xxx/CVE-2022-2866.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2866",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2867.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/2xxx/CVE-2022-2868.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}