admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-02-25 19:01:10 +00:00
parent 9cb758835f
commit a33489dc79
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
55 changed files with 3168 additions and 748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/13xxx/CVE-2018-13405.json
View File

@ -186,6 +186,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-3a60c34473",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-5d0676b098",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
}
]
}

5
2021/0xxx/CVE-2021-0561.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2021-06-01",
"url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-db30f1bd42",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWXBVMPPSL377I7YM55ZYXVKVMYOKES2/"
}
]
},

104
2021/22xxx/CVE-2021-22319.json
View File

@ -1,17 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.1"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/10/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/10/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202109-0000001150310956",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202109-0000001150310956"
}
]
}

100
2021/22xxx/CVE-2021-22394.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/7/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881"
}
]
}

100
2021/22xxx/CVE-2021-22395.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/7/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881"
}
]
}

100
2021/22xxx/CVE-2021-22426.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory address out of bounds"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

100
2021/22xxx/CVE-2021-22429.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory address out of bounds"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

120
2021/22xxx/CVE-2021-22430.json
View File

@ -1,17 +1,125 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logic bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

100
2021/22xxx/CVE-2021-22431.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuring permission isolation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

100
2021/22xxx/CVE-2021-22432.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuring permission isolation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

100
2021/22xxx/CVE-2021-22433.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory address out of bounds"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

100
2021/22xxx/CVE-2021-22434.json
View File

@ -1,17 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory address out of bounds"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
}
]
}

76
2021/22xxx/CVE-2021-22437.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TOCTOU condition vulnerability caused by software integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/9/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
}
]
}

57
2021/22xxx/CVE-2021-22441.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965"
}
]
}

104
2021/22xxx/CVE-2021-22448.json
View File

@ -1,17 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
}
]
}

57
2021/22xxx/CVE-2021-22478.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
}
]
}

57
2021/22xxx/CVE-2021-22479.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid address access vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
}
]
}

57
2021/22xxx/CVE-2021-22480.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
}
]
}

104
2021/22xxx/CVE-2021-22489.json
View File

@ -1,17 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
},
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/10/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/10/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881"
}
]
}

82
2021/26xxx/CVE-2021-26617.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Gabia Firstmall remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firstmall",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_name": "multilingual latest version",
"version_value": "multilingual latest version"
}
]
}
}
]
},
"vendor_name": "Gabia Co., Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issues due to insufficient verification of the various input values from user\u2019s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469",
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

109
2021/37xxx/CVE-2021-37027.json
View File

@ -1,17 +1,114 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/7/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/9/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
}
]
}

104
2021/37xxx/CVE-2021-37103.json
View File

@ -1,17 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "9.1.1"
},
{
"version_affected": "=",
"version_value": "9.1.0"
}
]
}
},
{
"product_name": "Magic UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper permission management vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2021/10/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2021/10/"
}
]
}

86
2021/37xxx/CVE-2021-37504.json
View File

@ -1,17 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js",
"refsource": "MISC",
"name": "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"
},
{
"url": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/jquery.uploadfile.min.js",
"refsource": "MISC",
"name": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/jquery.uploadfile.min.js"
},
{
"url": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/uploadfile.css",
"refsource": "MISC",
"name": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/uploadfile.css"
},
{
"url": "http://haygeek.com",
"refsource": "MISC",
"name": "http://haygeek.com"
},
{
"url": "http://jquery-upload-file.com",
"refsource": "MISC",
"name": "http://jquery-upload-file.com"
},
{
"url": "https://github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js#L469",
"refsource": "MISC",
"name": "https://github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js#L469"
},
{
"url": "https://raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js"
}
]
}

206
2021/38xxx/CVE-2021-38993.json
View File

@ -1,106 +1,106 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-02-24T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38993",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6559320",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6559320 (AIX)",
"name" : "https://www.ibm.com/support/pages/node/6559320"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962",
"refsource" : "XF",
"name" : "ibm-aix-cve202138993-dos (212962)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "L",
"S" : "U",
"C" : "N",
"SCORE" : "6.200",
"PR" : "N",
"A" : "H",
"AC" : "L",
"I" : "N",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-02-24T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38993",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "VIOS ",
"version" : {
"version_data" : [
{
"version_value" : "3.1"
}
]
}
},
{
"product_name" : "AIX",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
}
"value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.",
"lang": "eng"
}
]
}
},
"data_version" : "4.0"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6559320",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6559320 (AIX)",
"name": "https://www.ibm.com/support/pages/node/6559320"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962",
"refsource": "XF",
"name": "ibm-aix-cve202138993-dos (212962)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "L",
"S": "U",
"C": "N",
"SCORE": "6.200",
"PR": "N",
"A": "H",
"AC": "L",
"I": "N",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "VIOS ",
"version": {
"version_data": [
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "AIX",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0"
}

50
2021/40xxx/CVE-2021-40043.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AIS-BW80H-00",
"version": {
"version_data": [
{
"version_value": "versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Laser Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device."
}
]
}

50
2021/40xxx/CVE-2021-40046.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PCManager",
"version": {
"version_data": [
{
"version_value": "11.1.1.95"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220216-01-priesc-en",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220216-01-priesc-en"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege."
}
]
}

56
2021/42xxx/CVE-2021-42244.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/PaquitoSoft/Notimoo/issues/3",
"refsource": "MISC",
"name": "https://github.com/PaquitoSoft/Notimoo/issues/3"
}
]
}

5
2021/43xxx/CVE-2021-43399.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.yubico.com/support/security-advisories/ysa-2021-04/",
"url": "https://www.yubico.com/support/security-advisories/ysa-2021-04/"
},
{
"refsource": "MISC",
"name": "https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/",
"url": "https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/"
}
]
}

5
2021/46xxx/CVE-2021-46366.json
View File

@ -56,6 +56,11 @@
"url": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory",
"refsource": "MISC",
"name": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOpen%20Redirect-Magnolia%20CMS",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOpen%20Redirect-Magnolia%20CMS"
}
]
}

149
2022/0xxx/CVE-2022-0393.json
View File

@ -1,94 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0393",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0393",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
"vendor": {
"vendor_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
},
"vendor_name": "vim"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
]
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"problemtype_data": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
}
]
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba"
},
{
"name": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
}
]
"reference_data": [
{
"name": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba"
},
{
"name": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba",
"discovery": "EXTERNAL"
"advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba",
"discovery": "EXTERNAL"
}
}
}

147
2022/0xxx/CVE-2022-0408.json
View File

@ -1,94 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0408",
"STATE": "PUBLIC",
"TITLE": "Stack-based Buffer Overflow in vim/vim"
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0408",
"STATE": "PUBLIC",
"TITLE": "Stack-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
"vendor": {
"vendor_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
},
"vendor_name": "vim"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"problemtype_data": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
}
]
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d"
},
{
"name": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
}
]
"reference_data": [
{
"name": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d"
},
{
"name": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "5e635bad-5cf6-46cd-aeac-34ef224e179d",
"discovery": "EXTERNAL"
"advisory": "5e635bad-5cf6-46cd-aeac-34ef224e179d",
"discovery": "EXTERNAL"
}
}

147
2022/0xxx/CVE-2022-0413.json
View File

@ -1,94 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0413",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0413",
"STATE": "PUBLIC",
"TITLE": "Use After Free in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
"vendor": {
"vendor_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
]
},
"vendor_name": "vim"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
]
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"problemtype_data": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
}
]
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
},
{
"name": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
}
]
"reference_data": [
{
"name": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38"
},
{
"name": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "563d1e8f-5c3d-4669-941c-3216f4a87c38",
"discovery": "EXTERNAL"
"advisory": "563d1e8f-5c3d-4669-941c-3216f4a87c38",
"discovery": "EXTERNAL"
}
}

5
2022/0xxx/CVE-2022-0417.json
View File

@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},

5
2022/0xxx/CVE-2022-0443.json
View File

@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-da2fb07efb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},

171
2022/0xxx/CVE-2022-0554.json
View File

@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0554",
"STATE": "PUBLIC",
"TITLE": "Use of Out-of-range Pointer Offset in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0554",
"STATE": "PUBLIC",
"TITLE": "Use of Out-of-range Pointer Offset in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"name": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
}
]
},
"source": {
"advisory": "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"name": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71",
"discovery": "EXTERNAL"
}
}

5
2022/0xxx/CVE-2022-0572.json
View File

@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-9cef12c14c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},

5
2022/0xxx/CVE-2022-0613.json
View File

@ -79,6 +79,11 @@
"name": "https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f",
"refsource": "MISC",
"url": "https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-7cca5b6d38",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332/"
}
]
},

105
2022/0xxx/CVE-2022-0615.json
View File

@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@eset.com",
"DATE_PUBLIC": "2022-02-24T14:00:00.000Z",
"ID": "CVE-2022-0615",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Use-after-free vulnerability in ESET products for Linux"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoint Antivirus for Linux ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.1.6.0",
"version_value": "7.1.9.0"
},
{
"version_affected": "<=",
"version_name": "8.0.3.0",
"version_value": "8.1.5.0"
}
]
}
},
{
"product_name": "ESET Server Security for Linux",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.463.0",
"version_value": "7.2.574.0"
},
{
"version_affected": "<=",
"version_name": "8.0.375.0",
"version_value": "8.1.813.0"
}
]
}
}
]
},
"vendor_name": "ESET, spol. s r.o."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.eset.com/en/ca8230",
"name": "https://support.eset.com/en/ca8230"
}
]
},
"source": {
"advisory": "ca8230",
"discovery": "INTERNAL"
}
}

5
2022/0xxx/CVE-2022-0629.json
View File

@ -84,6 +84,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-8622ebdebb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},

4
2022/0xxx/CVE-2022-0655.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2022-0655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

173
2022/0xxx/CVE-2022-0685.json
View File

@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0685",
"STATE": "PUBLIC",
"TITLE": "Use of Out-of-range Pointer Offset in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2.4418"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0685",
"STATE": "PUBLIC",
"TITLE": "Use of Out-of-range Pointer Offset in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2.4418"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"name": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
}
]
},
"source": {
"advisory": "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
"discovery": "EXTERNAL"
}
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"name": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782",
"discovery": "EXTERNAL"
}
}

173
2022/0xxx/CVE-2022-0696.json
View File

@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0696",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2.4428"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0696",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2.4428"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"name": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
}
]
},
"source": {
"advisory": "7416c2cb-1809-4834-8989-e84ff033f15f",
"discovery": "EXTERNAL"
}
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"name": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
}
]
},
"source": {
"advisory": "7416c2cb-1809-4834-8989-e84ff033f15f",
"discovery": "EXTERNAL"
}
}

14
2022/0xxx/CVE-2022-0714.json
View File

@ -17,7 +17,7 @@
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
"version_value": "8.2.4436"
}
]
}
@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2."
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436."
}
]
},
@ -79,6 +79,16 @@
"name": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-63ca9a1129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
}
]
},

10
2022/0xxx/CVE-2022-0729.json
View File

@ -79,6 +79,16 @@
"name": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-48bf3cb1c4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-63ca9a1129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/"
}
]
},

94
2022/21xxx/CVE-2022-21209.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-21209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FvDesigner",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.100"
}
]
}
}
]
},
"vendor_name": "FATEK Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

5
2022/21xxx/CVE-2022-21248.json
View File

@ -114,6 +114,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-416be040a8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-477401b0f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
}
]
}

5
2022/21xxx/CVE-2022-21283.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-477401b0f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
}
]
}

5
2022/21xxx/CVE-2022-21291.json
View File

@ -99,6 +99,11 @@
"refsource": "DEBIAN",
"name": "DSA-5058",
"url": "https://www.debian.org/security/2022/dsa-5058"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-477401b0f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
}
]
}

5
2022/21xxx/CVE-2022-21293.json
View File

@ -104,6 +104,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-477401b0f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
}
]
}

94
2022/21xxx/CVE-2022-21798.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-21798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proficy CIMPLICITY",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "all",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yuval Ardon and Roman Dvorkin of OTORIO reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Users are advised to refer to the Secure Deployment Guide on how to configure communication encryption.\n\nUsers are encouraged to review the CIMPLICITY Windows Hardening Guide and Recommendations for further IPSEC configuration guidance found in the section titled \u201cAppendix A IPSEC Configuration.\u201d\n\nUsers are encouraged to contact a GE representative to obtain the latest versions of CIMPLICITY."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

5
2022/23xxx/CVE-2022-23222.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220217-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220217-0002/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-952bb7b856",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/"
}
]
}

94
2022/23xxx/CVE-2022-23921.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-23921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-053-01 GE Proficy CIMPLICITY-IPM"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proficy CIMPLICITY",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yuval Ardon and Roman Dvorkin of OTORIO reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "GE Digital recommends users upgrade all instances of the affected software to GE Digital\u2019s Proficy CIMPLICITY, released January 2022 (Upgrade) and follow the instructions in the Secure Deployment Guide to restrict which CIMPLICITY projects are allowed to run. \n\nThe upgrade contains what GE believes are mitigation measures to help ensure the vulnerability cannot be exploited.\n\nUsers are encouraged to contact a GE Digital representative for the latest versions of the update.\n\nFor users who choose to not implement the upgrade, GE Digital recommends applying the instructions in CIMPLICITY\u2019s Secure Deployment Guide to ensure access to the CIMPLICITY machines and directories are properly controlled via access control limits."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/23xxx/CVE-2022-23985.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-23985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FvDesigner",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.100"
}
]
}
}
]
},
"vendor_name": "FATEK Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

4
2022/25xxx/CVE-2022-25019.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2022-25019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

94
2022/25xxx/CVE-2022-25170.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-25170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FvDesigner",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.100"
}
]
}
}
]
},
"vendor_name": "FATEK Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information."
}
],
"source": {
"discovery": "EXTERNAL"
}
}