diff --git a/2018/13xxx/CVE-2018-13405.json b/2018/13xxx/CVE-2018-13405.json
index 09a2d9df321..068b9dd85a5 100644
--- a/2018/13xxx/CVE-2018-13405.json
+++ b/2018/13xxx/CVE-2018-13405.json
@@ -186,6 +186,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-3a60c34473",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-5d0676b098",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
 }
 ]
 }
diff --git a/2021/0xxx/CVE-2021-0561.json b/2021/0xxx/CVE-2021-0561.json
index 690de4b2b4e..ebbf00b6e65 100644
--- a/2021/0xxx/CVE-2021-0561.json
+++ b/2021/0xxx/CVE-2021-0561.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://source.android.com/security/bulletin/pixel/2021-06-01",
 "url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-db30f1bd42",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWXBVMPPSL377I7YM55ZYXVKVMYOKES2/"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22319.json b/2021/22xxx/CVE-2021-22319.json
index 6918f5ad80d..c21e92e2a68 100644
--- a/2021/22xxx/CVE-2021-22319.json
+++ b/2021/22xxx/CVE-2021-22319.json
@@ -1,17 +1,109 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22319",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper verification vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/10/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/10/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202109-0000001150310956",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202109-0000001150310956"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22394.json b/2021/22xxx/CVE-2021-22394.json
index 3816bcd8f99..57ecfb2403a 100644
--- a/2021/22xxx/CVE-2021-22394.json
+++ b/2021/22xxx/CVE-2021-22394.json
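Review bot: The `problemtype` value added for CVE-2021-22319, `"Improper verification vulnerability"`, is free text rather than a CWE identifier, so consumers that classify or filter records by CWE get nothing usable from it; the other Huawei records published in this commit use free-text problemtype strings as well. The description has the same gap: it places the flaw "in smartphones" without naming a component and gives "integer overflows" (itself a weakness, not an impact) as the consequence, which leaves a defender unable to judge exposure beyond the version list. I would replace the value with the CWE form, `"value": "CWE-<id> <CWE name>"` (placeholder; the CNA has to supply the mapping), and have the description name the affected module and the resulting impact.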
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22394",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/7/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/7/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22395.json b/2021/22xxx/CVE-2021-22395.json
index afd965137ba..a40107816ee 100644
--- a/2021/22xxx/CVE-2021-22395.json
+++ b/2021/22xxx/CVE-2021-22395.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22395",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code injection vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/7/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/7/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22426.json b/2021/22xxx/CVE-2021-22426.json
index 76d886f2051..6b2ac7296d0 100644
--- a/2021/22xxx/CVE-2021-22426.json
+++ b/2021/22xxx/CVE-2021-22426.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22426",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory address out of bounds"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22429.json b/2021/22xxx/CVE-2021-22429.json
index ff25ab93db9..b9c8bd1da1d 100644
--- a/2021/22xxx/CVE-2021-22429.json
+++ b/2021/22xxx/CVE-2021-22429.json
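Review bot: CVE-2021-22426 is published with a description, problemtype, affected-version list and reference list that are word-for-word the same as those in the CVE-2021-22429 and CVE-2021-22433 hunks, and CVE-2021-22434 differs only by the word "vulnerability" in its description. With nothing to tell the records apart, vulnerability-management tooling may merge them and an analyst cannot map an ID to a specific fix in the linked bulletins. CVE-2021-22431 and CVE-2021-22432 have the same problem with their shared "configuring permission isolation" text. Each description should name what distinguishes it, for example `"value": "There is a memory address out of bounds vulnerability in the <affected component> of smartphones. ..."` (the component name is a placeholder the CNA has to fill in).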
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22429",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory address out of bounds"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22430.json b/2021/22xxx/CVE-2021-22430.json
index fff6e9880a8..aac96a622ec 100644
--- a/2021/22xxx/CVE-2021-22430.json
+++ b/2021/22xxx/CVE-2021-22430.json
@@ -1,17 +1,125 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22430",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.1.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Logic bypass vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22431.json b/2021/22xxx/CVE-2021-22431.json
index 66086ec647f..042d13462b7 100644
--- a/2021/22xxx/CVE-2021-22431.json
+++ b/2021/22xxx/CVE-2021-22431.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22431",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Configuring permission isolation vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22432.json b/2021/22xxx/CVE-2021-22432.json
index e54c04550d1..2ecb4226da1 100644
--- a/2021/22xxx/CVE-2021-22432.json
+++ b/2021/22xxx/CVE-2021-22432.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22432",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Configuring permission isolation vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22433.json b/2021/22xxx/CVE-2021-22433.json
index 3912b02c657..ef7077452c8 100644
--- a/2021/22xxx/CVE-2021-22433.json
+++ b/2021/22xxx/CVE-2021-22433.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22433",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory address out of bounds"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22434.json b/2021/22xxx/CVE-2021-22434.json
index e7d00a970e5..f491f5976b3 100644
--- a/2021/22xxx/CVE-2021-22434.json
+++ b/2021/22xxx/CVE-2021-22434.json
@@ -1,17 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22434",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory address out of bounds"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
+ },
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202107-0000001170634565"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22437.json b/2021/22xxx/CVE-2021-22437.json
index 0d43f24ab22..55847982feb 100644
--- a/2021/22xxx/CVE-2021-22437.json
+++ b/2021/22xxx/CVE-2021-22437.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22437",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "TOCTOU condition vulnerability caused by software integer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/9/"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22441.json b/2021/22xxx/CVE-2021-22441.json
index f8bcab38153..99e0d04d41e 100644
--- a/2021/22xxx/CVE-2021-22441.json
+++ b/2021/22xxx/CVE-2021-22441.json
@@ -1,17 +1,62 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22441",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HarmonyOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965",
+ "refsource": "MISC",
+ "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22448.json b/2021/22xxx/CVE-2021-22448.json
index 4b5a50bc17b..716616a17e6 100644
--- a/2021/22xxx/CVE-2021-22448.json
+++ b/2021/22xxx/CVE-2021-22448.json
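Review bot: The description added for CVE-2021-22441 says "Some Huawei products have an integer overflow vulnerability" while the `affects` block added in the same hunk lists only HarmonyOS 2.0, so someone reading the text alone cannot tell whether other Huawei products are in scope. The prose should carry the same scope as the structured data, for example `"value": "HarmonyOS 2.0 has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash."`, or the `affects` list should be extended if more products really are affected. The only reference is the HarmonyOS bulletin, which suggests the narrower reading, but that is an inference from the hunk.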
@@ -1,17 +1,109 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
 "ID": "CVE-2021-22448",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMUI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "10.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.1.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Magic UI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper verification vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/",
+ "refsource": "MISC",
+ "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22478.json b/2021/22xxx/CVE-2021-22478.json
index 33f91590460..de32106cca4 100644
--- a/2021/22xxx/CVE-2021-22478.json
+++ b/2021/22xxx/CVE-2021-22478.json
@@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727" } ] } diff --git a/2021/22xxx/CVE-2021-22479.json b/2021/22xxx/CVE-2021-22479.json index 5c1e04b30c6..b90c9d966f0 100644 --- a/2021/22xxx/CVE-2021-22479.json +++ b/2021/22xxx/CVE-2021-22479.json 
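Review bot: The description calls this a UAF, but `problemtype` is `"Resource Management Errors"`, a broad category name rather than the specific weakness. `"value": "CWE-416 Use After Free"` would match the description and let tooling group the record with other use-after-free entries. The description also does not name the HarmonyOS module, so the bulletin URL is the only way to locate the affected component.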
@@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22479", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid address access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727" } ] } diff --git a/2021/22xxx/CVE-2021-22480.json b/2021/22xxx/CVE-2021-22480.json index 6479bc1bccf..e7ce7e0973b 100644 --- a/2021/22xxx/CVE-2021-22480.json +++ b/2021/22xxx/CVE-2021-22480.json 
@@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22480", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727" } ] } diff --git a/2021/22xxx/CVE-2021-22489.json b/2021/22xxx/CVE-2021-22489.json index 77dd7c96130..1be0361aea7 100644 --- a/2021/22xxx/CVE-2021-22489.json +++ b/2021/22xxx/CVE-2021-22489.json 
@@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + }, + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/10/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202108-0000001181125881" } ] } diff --git a/2021/26xxx/CVE-2021-26617.json b/2021/26xxx/CVE-2021-26617.json index c877db5f09e..57ee7288f06 100644 --- a/2021/26xxx/CVE-2021-26617.json +++ b/2021/26xxx/CVE-2021-26617.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Gabia Firstmall remote code execution vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firstmall", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "=", + "version_name": "multilingual latest version", + "version_value": "multilingual latest version" + } + ] + } + } + ] + }, + "vendor_name": "Gabia Co., Ltd" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issues due to insufficient verification of the various input values from user\u2019s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469", + "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37027.json b/2021/37xxx/CVE-2021-37027.json index 6baf118d1ea..c642da00039 100644 --- a/2021/37xxx/CVE-2021-37027.json +++ b/2021/37xxx/CVE-2021-37027.json 
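Review bot: `"version_value": "multilingual latest version"` paired with `"version_affected": "="` cannot be matched against an installed version, and "latest" changes meaning as soon as a fixed release ships. The record should carry a concrete boundary taken from the KrCERT notice, e.g. `"version_affected": "<", "version_value": "<first fixed version>"`. The first sentence of the description is also ungrammatical ("This issues due to ..."); `"The issue is due to insufficient verification of user-supplied input values."` says the same thing.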
@@ -1,17 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-37027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/7/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/7/" + }, + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/9/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/9/" } ] } diff --git a/2021/37xxx/CVE-2021-37103.json b/2021/37xxx/CVE-2021-37103.json index bf781b31a98..10d5638c3d7 100644 --- a/2021/37xxx/CVE-2021-37103.json +++ b/2021/37xxx/CVE-2021-37103.json 
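Review bot: The description and `problemtype` both say DoS, yet the impact sentence reads "may affect service integrity". A denial of service is normally an availability impact, which is what the CVE-2021-22489 record in this commit states for the same weakness class. Which one is intended cannot be decided from the record itself, so the wording should be checked against the two referenced bulletins before consumers derive an impact rating from it.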
@@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-37103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper permission management vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/10/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/10/" } ] } diff --git a/2021/37xxx/CVE-2021-37504.json b/2021/37xxx/CVE-2021-37504.json index 4146790a662..d078cffc386 100644 --- a/2021/37xxx/CVE-2021-37504.json +++ b/2021/37xxx/CVE-2021-37504.json 
@@ -1,17 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37504", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37504", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js", + "refsource": "MISC", + "name": "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js" + }, + { + "url": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/jquery.uploadfile.min.js", + "refsource": "MISC", + "name": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/jquery.uploadfile.min.js" + }, + { + "url": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/uploadfile.css", + "refsource": "MISC", + "name": "http://hayageek.github.io/jQuery-Upload-File/4.0.11/uploadfile.css" + }, + { + "url": "http://haygeek.com", + "refsource": "MISC", + "name": "http://haygeek.com" + }, + { + "url": "http://jquery-upload-file.com", + "refsource": "MISC", + "name": "http://jquery-upload-file.com" + }, + { + "url": "https://github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js#L469", + "refsource": "MISC", + "name": "https://github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js#L469" + }, + { + "url": "https://raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js" } ] } diff --git a/2021/38xxx/CVE-2021-38993.json b/2021/38xxx/CVE-2021-38993.json index d2f47cd94ab..972c7d587a7 100644 --- a/2021/38xxx/CVE-2021-38993.json +++ b/2021/38xxx/CVE-2021-38993.json 
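Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names jQuery-Upload-File v4.0.11, so scanners that match on the `affects` block will not find this record; `"product_name": "jQuery-Upload-File"` with `"version_value": "4.0.11"` would carry what the description already states. `problemtype` is also `"n/a"` for what the description calls XSS, where `"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` would fit. In `reference_data`, several entries are library assets rather than advisories (`jquery.min.js`, `uploadfile.css`), and the `blob/master/...#L469` link is not pinned to a commit, so its line anchor will drift. `http://haygeek.com` is spelled differently from the `hayageek` host in the other URLs and should be verified before it is published as a reference. The CVE-2021-42244 hunk has the same `"n/a"` product and problem-type fields while its description names PaquitoSoftware Notimoo v1.2.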
@@ -1,106 +1,106 @@ { - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2022-02-24T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38993", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6559320", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6559320 (AIX)", - "name" : "https://www.ibm.com/support/pages/node/6559320" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962", - "refsource" : "XF", - "name" : "ibm-aix-cve202138993-dos (212962)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "AV" : "L", - "S" : "U", - "C" : "N", - "SCORE" : "6.200", - "PR" : "N", - "A" : "H", - "AC" : "L", - "I" : "N", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2022-02-24T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38993", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "VIOS ", - "version" : { - "version_data" : [ - { - "version_value" : "3.1" - } - ] - } - }, - { - "product_name" : "AIX", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - } + "value": 
"IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.", + "lang": "eng" } - ] - } - }, - "data_version" : "4.0" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6559320", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6559320 (AIX)", + "name": "https://www.ibm.com/support/pages/node/6559320" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962", + "refsource": "XF", + "name": "ibm-aix-cve202138993-dos (212962)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "AV": "L", + "S": "U", + "C": "N", + "SCORE": "6.200", + "PR": "N", + "A": "H", + "AC": "L", + "I": "N", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "VIOS ", + "version": { + "version_data": [ + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "AIX", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40043.json b/2021/40xxx/CVE-2021-40043.json index 3b57da009b8..3e792c7af7b 100644 --- a/2021/40xxx/CVE-2021-40043.json +++ b/2021/40xxx/CVE-2021-40043.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AIS-BW80H-00", + "version": { + "version_data": [ + { + "version_value": "versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Laser Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220126-01-df75863e-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device." } ] } diff --git a/2021/40xxx/CVE-2021-40046.json b/2021/40xxx/CVE-2021-40046.json index 933d3638e52..2094819d896 100644 --- a/2021/40xxx/CVE-2021-40046.json +++ b/2021/40xxx/CVE-2021-40046.json 
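Review bot: `"vendor_name": "n/a"` is set although the assigner is psirt@huawei.com and the only reference is a huawei.com advisory, so the vendor is presumably Huawei and should be named. The affected range is written as prose in `"version_value": "versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00)"`, whereas other records in this commit use `version_affected`. `"version_affected": "<", "version_value": "9.0.3.4(H100SP13C00)"` would be machine-readable. The CVE-2021-40046 hunk also uses `"vendor_name": "n/a"`, and its description "PCManager versions 11.1.1.95 has" leaves unclear whether one version or a range is affected.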
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PCManager", + "version": { + "version_data": [ + { + "version_value": "11.1.1.95" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220216-01-priesc-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220216-01-priesc-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege." } ] } diff --git a/2021/42xxx/CVE-2021-42244.json b/2021/42xxx/CVE-2021-42244.json index 1010b64b0a7..318b1846fee 100644 --- a/2021/42xxx/CVE-2021-42244.json +++ b/2021/42xxx/CVE-2021-42244.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42244", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42244", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/PaquitoSoft/Notimoo/issues/3", + "refsource": "MISC", + "name": "https://github.com/PaquitoSoft/Notimoo/issues/3" } ] } diff --git a/2021/43xxx/CVE-2021-43399.json b/2021/43xxx/CVE-2021-43399.json index a965dd2f6cc..8fc7dd401a5 100644 --- a/2021/43xxx/CVE-2021-43399.json +++ b/2021/43xxx/CVE-2021-43399.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.yubico.com/support/security-advisories/ysa-2021-04/", "url": "https://www.yubico.com/support/security-advisories/ysa-2021-04/" + }, + { + "refsource": "MISC", + "name": "https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/", + "url": "https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/" } ] } 
diff --git a/2021/46xxx/CVE-2021-46366.json b/2021/46xxx/CVE-2021-46366.json index 6573a3a1a66..2c7f29c0a11 100644 --- a/2021/46xxx/CVE-2021-46366.json +++ b/2021/46xxx/CVE-2021-46366.json @@ -56,6 +56,11 @@ "url": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory", "refsource": "MISC", "name": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOpen%20Redirect-Magnolia%20CMS", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOpen%20Redirect-Magnolia%20CMS" } ] } diff --git a/2022/0xxx/CVE-2022-0393.json b/2022/0xxx/CVE-2022-0393.json index 681abace275..f2fff019707 100644 --- a/2022/0xxx/CVE-2022-0393.json +++ b/2022/0xxx/CVE-2022-0393.json 
@@ -1,94 +1,99 @@ { "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0393", - "STATE": "PUBLIC", - "TITLE": "Out-of-bounds Read in vim/vim" + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0393", + "STATE": "PUBLIC", + "TITLE": "Out-of-bounds Read in vim/vim" }, "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ + "vendor": { + "vendor_data": [ { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2" - } - ] - } + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - ] - }, - "vendor_name": "vim" - } - ] - } + ] + } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { - "description_data": [ - { - "lang": "eng", - "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2." - } - ] + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2." 
+ } + ] }, "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "problemtype": { - "problemtype_data": [ - { - "description": [ + "problemtype_data": [ { - "lang": "eng", - "value": "CWE-125 Out-of-bounds Read" + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] } - ] - } - ] + ] }, "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba" - }, - { - "name": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-da2fb07efb", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" - } - ] + "reference_data": [ + { + "name": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba" + }, + { + "name": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323", + 
"refsource": "MISC", + "url": "https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-da2fb07efb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] }, "source": { - "advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba", - "discovery": "EXTERNAL" + "advisory": "ecc8f488-01a0-477f-848f-e30b8e524bba", + "discovery": "EXTERNAL" } - } \ No newline at end of file +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0408.json b/2022/0xxx/CVE-2022-0408.json index d336ce2afd9..9086570ac1d 100644 --- a/2022/0xxx/CVE-2022-0408.json +++ b/2022/0xxx/CVE-2022-0408.json 
@@ -1,94 +1,99 @@ { "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0408", - "STATE": "PUBLIC", - "TITLE": "Stack-based Buffer Overflow in vim/vim" + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0408", + "STATE": "PUBLIC", + "TITLE": "Stack-based Buffer Overflow in vim/vim" }, "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ + "vendor": { + "vendor_data": [ { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2" - } - ] - } + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - ] - }, - "vendor_name": "vim" - } - ] - } + ] + } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { - "description_data": [ - { - "lang": "eng", - "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2." - } - ] + "description_data": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2." 
+ } + ] }, "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "problemtype": { - "problemtype_data": [ - { - "description": [ + "problemtype_data": [ { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow" + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] } - ] - } - ] + ] }, "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d" - }, - { - "name": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-da2fb07efb", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" - } - ] + "reference_data": [ + { + "name": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d" + }, + { + "name": 
"https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-da2fb07efb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] }, "source": { - "advisory": "5e635bad-5cf6-46cd-aeac-34ef224e179d", - "discovery": "EXTERNAL" + "advisory": "5e635bad-5cf6-46cd-aeac-34ef224e179d", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0413.json b/2022/0xxx/CVE-2022-0413.json index b15fb6d58cf..7702ac5f2a1 100644 --- a/2022/0xxx/CVE-2022-0413.json +++ b/2022/0xxx/CVE-2022-0413.json 
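Review bot: `"version_value": "8.2"` under `"version_affected": "<"` is re-added unchanged in this hunk, and a consumer that compares versions will likely treat every 8.2.x patch level as not affected, even though the fix is a later vim commit. The CVE-2022-0714 hunk in this same commit corrects that field to `8.2.4436`, but this record, CVE-2022-0413 and CVE-2022-0554 keep the bare `8.2` in both `version_value` and the description. Each should carry the patch level of its referenced fix commit, e.g. `"version_value": "8.2.<PATCH_LEVEL>"` (placeholder; the number is not shown on this page), with the description updated to match. Separately, the rewrite of the whole file appears to be whitespace-only apart from the one added FEDORA reference, which makes that addition hard to review; a reference-only hunk like the one for CVE-2022-0417 would be clearer.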
@@ -1,94 +1,99 @@ { "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0413", - "STATE": "PUBLIC", - "TITLE": "Use After Free in vim/vim" + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0413", + "STATE": "PUBLIC", + "TITLE": "Use After Free in vim/vim" }, "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ + "vendor": { + "vendor_data": [ { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2" - } - ] - } + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - ] - }, - "vendor_name": "vim" - } - ] - } + ] + } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in GitHub repository vim/vim prior to 8.2." - } - ] + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in GitHub repository vim/vim prior to 8.2." 
+ } + ] }, "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "problemtype": { - "problemtype_data": [ - { - "description": [ + "problemtype_data": [ { - "lang": "eng", - "value": "CWE-416 Use After Free" + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] } - ] - } - ] + ] }, "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38" - }, - { - "name": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-da2fb07efb", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" - } - ] + "reference_data": [ + { + "name": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38" + }, + { + "name": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a", + 
"refsource": "MISC", + "url": "https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-da2fb07efb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] }, "source": { - "advisory": "563d1e8f-5c3d-4669-941c-3216f4a87c38", - "discovery": "EXTERNAL" + "advisory": "563d1e8f-5c3d-4669-941c-3216f4a87c38", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0417.json b/2022/0xxx/CVE-2022-0417.json index 5d7d5f4b8ca..939ba36f292 100644 --- a/2022/0xxx/CVE-2022-0417.json +++ b/2022/0xxx/CVE-2022-0417.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-da2fb07efb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" } ] }, diff --git a/2022/0xxx/CVE-2022-0443.json b/2022/0xxx/CVE-2022-0443.json index cfeb67af76e..5264e2f161b 100644 --- a/2022/0xxx/CVE-2022-0443.json +++ b/2022/0xxx/CVE-2022-0443.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-da2fb07efb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" } ] }, 
diff --git a/2022/0xxx/CVE-2022-0554.json b/2022/0xxx/CVE-2022-0554.json index 61e131a6dde..944616cb5e2 100644 --- a/2022/0xxx/CVE-2022-0554.json +++ b/2022/0xxx/CVE-2022-0554.json 
@@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0554", - "STATE": "PUBLIC", - "TITLE": "Use of Out-of-range Pointer Offset in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0554", + "STATE": "PUBLIC", + "TITLE": "Use of Out-of-range Pointer Offset in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-823 Use of Out-of-range Pointer Offset" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71" - }, - { - "name": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8" - } - ] - }, - "source": { - "advisory": "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-823 Use of Out-of-range Pointer Offset" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71" + }, + { + "name": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] + }, + "source": { + "advisory": "7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71", + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2022/0xxx/CVE-2022-0572.json b/2022/0xxx/CVE-2022-0572.json index 82124c96a56..5c450e0c1a9 100644 --- a/2022/0xxx/CVE-2022-0572.json +++ b/2022/0xxx/CVE-2022-0572.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-9cef12c14c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GOY5YWTP5QUY2EFLCL7AUWA2CV57C37/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" } ] }, diff --git a/2022/0xxx/CVE-2022-0613.json b/2022/0xxx/CVE-2022-0613.json index e8a8052e560..bd9cfcb51cf 100644 --- a/2022/0xxx/CVE-2022-0613.json +++ b/2022/0xxx/CVE-2022-0613.json @@ -79,6 +79,11 @@ "name": "https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f", "refsource": "MISC", "url": "https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-7cca5b6d38", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332/" } ] }, diff --git a/2022/0xxx/CVE-2022-0615.json b/2022/0xxx/CVE-2022-0615.json index a97b4479a77..b5f1d661e64 100644 --- a/2022/0xxx/CVE-2022-0615.json +++ b/2022/0xxx/CVE-2022-0615.json 
@@ -1,18 +1,111 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@eset.com", + "DATE_PUBLIC": "2022-02-24T14:00:00.000Z", "ID": "CVE-2022-0615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Use-after-free vulnerability in ESET products for Linux" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Endpoint Antivirus for Linux ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.1.6.0", + "version_value": "7.1.9.0" + }, + { + "version_affected": "<=", + "version_name": "8.0.3.0", + "version_value": "8.1.5.0" + } + ] + } + }, + { + "product_name": "ESET Server Security for Linux", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.463.0", + "version_value": "7.2.574.0" + }, + { + "version_affected": "<=", + "version_name": "8.0.375.0", + "version_value": "8.1.813.0" + } + ] + } + } + ] + }, + "vendor_name": "ESET, spol. s r.o." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.eset.com/en/ca8230", + "name": "https://support.eset.com/en/ca8230" + } + ] + }, + "source": { + "advisory": "ca8230", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0629.json b/2022/0xxx/CVE-2022-0629.json index 24c1344b4ef..d3e3366b1ba 100644 --- a/2022/0xxx/CVE-2022-0629.json +++ b/2022/0xxx/CVE-2022-0629.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-8622ebdebb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UURGABNDL77YR5FRQKTFBYNBDQX2KO7Q/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" } ] }, diff --git a/2022/0xxx/CVE-2022-0655.json b/2022/0xxx/CVE-2022-0655.json index 1a5d51e1972..349f0442d86 100644 --- a/2022/0xxx/CVE-2022-0655.json +++ b/2022/0xxx/CVE-2022-0655.json 
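Review bot: `"product_name": "Endpoint Antivirus for Linux "` in the CVE-2022-0615 record ends in a trailing space and lacks the `ESET` prefix that the sibling entry `ESET Server Security for Linux` carries. Exact-match lookups of the product name against an inventory or scanner feed will probably miss it. At minimum the trailing space should go: `"product_name": "Endpoint Antivirus for Linux"`, and the prefix should be aligned with the vendor's naming if that is the intended product. Each `version_data` entry also pairs a `version_name` with a higher `version_value` under `<=`; if that is meant as a from–to range, the description should state the affected versions, since the text currently names none.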
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-0655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/0xxx/CVE-2022-0685.json b/2022/0xxx/CVE-2022-0685.json index f790c8ffdff..921ef450be2 100644 --- a/2022/0xxx/CVE-2022-0685.json +++ b/2022/0xxx/CVE-2022-0685.json 
@@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0685", - "STATE": "PUBLIC", - "TITLE": "Use of Out-of-range Pointer Offset in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2.4418" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0685", + "STATE": "PUBLIC", + "TITLE": "Use of Out-of-range Pointer Offset in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2.4418" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-823 Use of Out-of-range Pointer Offset" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782" - }, - { - "name": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87" - } - ] - }, - "source": { - "advisory": "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782", - "discovery": "EXTERNAL" - } -} + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-823 Use of Out-of-range Pointer Offset" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782" + }, + { + "name": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] + }, + "source": { + "advisory": "27230da3-9b1a-4d5d-8cdf-4b1e62fcd782", + "discovery": "EXTERNAL" + } +} \ No newline at end of file 
diff --git a/2022/0xxx/CVE-2022-0696.json b/2022/0xxx/CVE-2022-0696.json index 8a29bbb6c4a..991c40c8ffb 100644 --- a/2022/0xxx/CVE-2022-0696.json +++ b/2022/0xxx/CVE-2022-0696.json 
@@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0696", - "STATE": "PUBLIC", - "TITLE": "NULL Pointer Dereference in vim/vim" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vim/vim", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "8.2.4428" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-0696", + "STATE": "PUBLIC", + "TITLE": "NULL Pointer Dereference in vim/vim" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vim/vim", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.2.4428" + } + ] + } + } + ] + }, + "vendor_name": "vim" } - } ] - }, - "vendor_name": "vim" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 6.2, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-476 NULL Pointer Dereference" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f" - }, - { - "name": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1", - "refsource": "MISC", - "url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1" - } - ] - }, - "source": { - "advisory": "7416c2cb-1809-4834-8989-e84ff033f15f", - "discovery": "EXTERNAL" - } -} + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f" + }, + { + "name": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + } + ] + }, + "source": { + "advisory": "7416c2cb-1809-4834-8989-e84ff033f15f", + "discovery": "EXTERNAL" + } +} \ No newline at end of file 
diff --git a/2022/0xxx/CVE-2022-0714.json b/2022/0xxx/CVE-2022-0714.json index 687797e3c26..90f07e0d322 100644 --- a/2022/0xxx/CVE-2022-0714.json +++ b/2022/0xxx/CVE-2022-0714.json @@ -17,7 +17,7 @@ "version_data": [ { "version_affected": "<", - "version_value": "8.2" + "version_value": "8.2.4436" } ] } @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2." + "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436." } ] }, @@ -79,6 +79,16 @@ "name": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-63ca9a1129", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/" } ] }, diff --git a/2022/0xxx/CVE-2022-0729.json b/2022/0xxx/CVE-2022-0729.json index 466a43564ab..026d58b9573 100644 --- a/2022/0xxx/CVE-2022-0729.json +++ b/2022/0xxx/CVE-2022-0729.json @@ -79,6 +79,16 @@ "name": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-48bf3cb1c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-63ca9a1129", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP/" } ] }, 
diff --git a/2022/21xxx/CVE-2022-21209.json b/2022/21xxx/CVE-2022-21209.json index fbbedfb0b73..3fa22031686 100644 --- a/2022/21xxx/CVE-2022-21209.json +++ b/2022/21xxx/CVE-2022-21209.json 
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-02-22T23:08:00.000Z", "ID": "CVE-2022-21209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FvDesigner", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "all", + "version_value": "1.5.100" + } + ] + } + } + ] + }, + "vendor_name": "FATEK Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21248.json b/2022/21xxx/CVE-2022-21248.json index ddda4c1e3d3..618a1dbdebe 100644 --- a/2022/21xxx/CVE-2022-21248.json +++ b/2022/21xxx/CVE-2022-21248.json @@ -114,6 +114,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-416be040a8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-477401b0f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/" } ] } diff --git a/2022/21xxx/CVE-2022-21283.json b/2022/21xxx/CVE-2022-21283.json index b52215ea420..9340473c1a3 100644 --- a/2022/21xxx/CVE-2022-21283.json +++ b/2022/21xxx/CVE-2022-21283.json 
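Review bot: The `description` value in the CVE-2022-21209 record says only "The affected product", so anyone who sees the description without the `affects` block (feeds, tickets, search results) cannot tell what to patch or isolate. Naming the product and range that `affects` appears to express would make it self-contained, e.g. opening with `FATEK Automation FvDesigner versions 1.5.100 and prior are vulnerable to an out-of-bounds read while processing project files, ...`. The CVE-2022-21798 description later in this commit uses the same generic wording. `source` here also has no `advisory` key although the title carries the identifier; `"advisory": "ICSA-22-055-01"` would match how the other new records in this commit fill that field.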
@@ -96,6 +96,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-477401b0f7",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
 }
 ]
 }
diff --git a/2022/21xxx/CVE-2022-21291.json b/2022/21xxx/CVE-2022-21291.json
index d089c045750..f86bb9c5021 100644
--- a/2022/21xxx/CVE-2022-21291.json
+++ b/2022/21xxx/CVE-2022-21291.json
@@ -99,6 +99,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5058",
 "url": "https://www.debian.org/security/2022/dsa-5058"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-477401b0f7",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
 }
 ]
 }
diff --git a/2022/21xxx/CVE-2022-21293.json b/2022/21xxx/CVE-2022-21293.json
index 7e09d4f2032..c44fc30b012 100644
--- a/2022/21xxx/CVE-2022-21293.json
+++ b/2022/21xxx/CVE-2022-21293.json
@@ -104,6 +104,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-477401b0f7",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/"
 }
 ]
 }
diff --git a/2022/21xxx/CVE-2022-21798.json b/2022/21xxx/CVE-2022-21798.json
index 17dec77a6c0..46aa61682f7 100644
--- a/2022/21xxx/CVE-2022-21798.json
+++ b/2022/21xxx/CVE-2022-21798.json
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-02-22T23:08:00.000Z", "ID": "CVE-2022-21798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Proficy CIMPLICITY", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "all", + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "General Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Yuval Ardon and Roman Dvorkin of OTORIO reported this vulnerability to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Users are advised to refer to the Secure Deployment Guide on how to configure communication encryption.\n\nUsers are encouraged to review the CIMPLICITY Windows Hardening Guide and Recommendations for further IPSEC configuration guidance found in the section titled \u201cAppendix A IPSEC Configuration.\u201d\n\nUsers are encouraged to contact a GE representative to obtain the latest versions of CIMPLICITY." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23222.json b/2022/23xxx/CVE-2022-23222.json index af8528bae15..8252f9ecf44 100644 --- a/2022/23xxx/CVE-2022-23222.json +++ b/2022/23xxx/CVE-2022-23222.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220217-0002/", "url": "https://security.netapp.com/advisory/ntap-20220217-0002/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-952bb7b856", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/" } ] } 
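Review bot: `"version_affected": "="` with `"version_value": "all"` in the CVE-2022-21798 record is not a comparable version, so tooling that evaluates `version_data` against an installed CIMPLICITY release has nothing to match on. The sibling record CVE-2022-23921 uses `"<="` with a concrete value, and a concrete bound would be preferable here too if ICSA-22-053-02 gives one. Separately, `"discovery": "UNKNOWN"` is at odds with the `credit` entry naming the OTORIO researchers who reported the issue to CISA; CVE-2022-23921, credited to the same reporters, uses `"discovery": "EXTERNAL"`. The description's "easily spoofed" also sits awkwardly next to `"attackComplexity": "HIGH"`, so one of the two probably needs checking against the advisory.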
diff --git a/2022/23xxx/CVE-2022-23921.json b/2022/23xxx/CVE-2022-23921.json
index 961e07be652..01d8d9ddfd5 100644
--- a/2022/23xxx/CVE-2022-23921.json
+++ b/2022/23xxx/CVE-2022-23921.json
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-02-22T23:08:00.000Z", "ID": "CVE-2022-23921", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-053-01 GE Proficy CIMPLICITY-IPM" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Proficy CIMPLICITY", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "all", + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "General Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Yuval Ardon and Roman Dvorkin of OTORIO reported this vulnerability to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "GE Digital recommends users upgrade all instances of the affected software to GE Digital\u2019s Proficy CIMPLICITY, released January 2022 (Upgrade) and follow the instructions in the Secure Deployment Guide to restrict which CIMPLICITY projects are allowed to run. \n\nThe upgrade contains what GE believes are mitigation measures to help ensure the vulnerability cannot be exploited.\n\nUsers are encouraged to contact a GE Digital representative for the latest versions of the update.\n\nFor users who choose to not implement the upgrade, GE Digital recommends applying the instructions in CIMPLICITY\u2019s Secure Deployment Guide to ensure access to the CIMPLICITY machines and directories are properly controlled via access control limits." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23985.json b/2022/23xxx/CVE-2022-23985.json index 75b68b8e0ec..00080e4e9b5 100644 --- a/2022/23xxx/CVE-2022-23985.json +++ b/2022/23xxx/CVE-2022-23985.json 
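Review bot: The `impact.cvss` block in the CVE-2022-23921 record does not match its own description. The vector is `CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`, identical to the one in CVE-2022-21798, while the description speaks of local privilege escalation that needs login access to a machine actively running CIMPLICITY. Login access would normally be scored as `"attackVector": "LOCAL"` with `privilegesRequired` above `NONE`, so the vector looks carried over from the sibling record. It is worth checking against ICSA-22-053-01 and, if the description is right, updating `vectorString`, the per-metric fields and `baseScore` together so they stay consistent. Triage that filters on attack vector would otherwise treat this as reachable from the adjacent network without credentials.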
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-02-22T23:08:00.000Z", "ID": "CVE-2022-23985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FvDesigner", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "all", + "version_value": "1.5.100" + } + ] + } + } + ] + }, + "vendor_name": "FATEK Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25019.json b/2022/25xxx/CVE-2022-25019.json index c1b156ab9a0..02689a0a2de 100644 --- a/2022/25xxx/CVE-2022-25019.json +++ b/2022/25xxx/CVE-2022-25019.json 
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2022-25019",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2022/25xxx/CVE-2022-25170.json b/2022/25xxx/CVE-2022-25170.json
index d894c602368..fbf2fbd669f 100644
--- a/2022/25xxx/CVE-2022-25170.json
+++ b/2022/25xxx/CVE-2022-25170.json
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-02-22T23:08:00.000Z", "ID": "CVE-2022-25170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FvDesigner", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "all", + "version_value": "1.5.100" + } + ] + } + } + ] + }, + "vendor_name": "FATEK Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file