From aacce4b22c01a1b19a34ec76ae48c287d2bdaec6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 22 Apr 2022 18:01:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/1xxx/CVE-2021-1385.json | 5 +
 2021/42xxx/CVE-2021-42370.json | 5 +
 2021/42xxx/CVE-2021-42770.json | 5 +
 2022/1xxx/CVE-2022-1440.json | 166 ++++++++++++++++----------------
 2022/29xxx/CVE-2022-29582.json | 5 +
 5 files changed, 103 insertions(+), 83 deletions(-)
diff --git a/2021/1xxx/CVE-2021-1385.json b/2021/1xxx/CVE-2021-1385.json
index eb1e8c81c13..75fd3dd7a67 100644
--- a/2021/1xxx/CVE-2021-1385.json
+++ b/2021/1xxx/CVE-2021-1385.json
@@ -71,6 +71,11 @@
 "name": "20210324 Cisco IOx Application Environment Path Traversal Vulnerability",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7g"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-hhfw-6cm2-v3w5",
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-hhfw-6cm2-v3w5"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42370.json b/2021/42xxx/CVE-2021-42370.json
index 496fe50fdc5..c8370de3ade 100644
--- a/2021/42xxx/CVE-2021-42370.json
+++ b/2021/42xxx/CVE-2021-42370.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://lpar2rrd.com/note730.php",
 "url": "https://lpar2rrd.com/note730.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx",
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42770.json b/2021/42xxx/CVE-2021-42770.json
index 9fa1b4e7ebe..3aa7f7236ba 100644
--- a/2021/42xxx/CVE-2021-42770.json
+++ b/2021/42xxx/CVE-2021-42770.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://opnsense.org/opnsense-21-7-4-released/",
 "url": "https://opnsense.org/opnsense-21-7-4-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r32j-xgg3-w2rw",
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-r32j-xgg3-w2rw"
 }
 ]
 }
diff --git a/2022/1xxx/CVE-2022-1440.json b/2022/1xxx/CVE-2022-1440.json
index 7e4075ac1cf..b1a8d82f542 100644
--- a/2022/1xxx/CVE-2022-1440.json
+++ b/2022/1xxx/CVE-2022-1440.json
@@ -1,89 +1,89 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@huntr.dev",
- "ID": "CVE-2022-1440",
- "STATE": "PUBLIC",
- "TITLE": "Command Injection vulnerability in git-interface@2.1.1 in yarkeev/git-interface"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "yarkeev/git-interface",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_value": "2.1.2"
- }
- ]
+ "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
+ "ID": "CVE-2022-1440",
+ "STATE": "PUBLIC",
+ "TITLE": "Command Injection vulnerability in git-interface@2.1.1 in yarkeev/git-interface"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "yarkeev/git-interface",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "yarkeev"
 }
- }
 ]
- },
- "vendor_name": "yarkeev"
 }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker."
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
- }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1",
- "refsource": "CONFIRM",
- "url": "https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1"
- },
- {
- "name": "https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d",
- "refsource": "MISC",
- "url": "https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d"
- }
- ]
- },
- "source": {
- "advisory": "cdc25408-d3c1-4a9d-bb45-33b12a715ca1",
- "discovery": "EXTERNAL"
- }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1"
+ },
+ {
+ "name": "https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d",
+ "refsource": "MISC",
+ "url": "https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cdc25408-d3c1-4a9d-bb45-33b12a715ca1",
+ "discovery": "EXTERNAL"
+ }
 }
\ No newline at end of file
diff --git a/2022/29xxx/CVE-2022-29582.json b/2022/29xxx/CVE-2022-29582.json
index 71f57d66fdd..fc5cf337834 100644
--- a/2022/29xxx/CVE-2022-29582.json
+++ b/2022/29xxx/CVE-2022-29582.json
@@ -71,6 +71,11 @@
 "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3",
 "refsource": "MISC",
 "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220422 Re: Linux: UaF due to concurrency issue in io_uring timeouts",
+ "url": "http://www.openwall.com/lists/oss-security/2022/04/22/4"
 }
 ]
 }
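Review bot: The added MLIST reference uses a cleartext `http://` URL, while the kernel.org reference just above it in this hunk is `https://`. Anyone following the link to triage this io_uring use-after-free fetches the oss-security thread without transport integrity, so if the record format allows it, prefer `"url": "https://www.openwall.com/lists/oss-security/2022/04/22/4"`. The `reference_data` array begins above the hunk, so earlier entries were not checked for the same scheme.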