From bbab20f8043d21df34663dd8358d0f1bcd364c7a Mon Sep 17 00:00:00 2001 From: zdi-team Date: Mon, 25 Jul 2022 11:41:44 -0500 Subject: [PATCH 1/2] ZDI assigns the following CVEs: M 2022/28xxx/CVE-2022-28668.json M 2022/28xxx/CVE-2022-28684.json M 2022/2xxx/CVE-2022-2272.json M 2022/34xxx/CVE-2022-34871.json M 2022/34xxx/CVE-2022-34872.json M 2022/35xxx/CVE-2022-35864.json M 2022/35xxx/CVE-2022-35865.json M 2022/35xxx/CVE-2022-35866.json M 2022/35xxx/CVE-2022-35867.json --- 2022/28xxx/CVE-2022-28668.json | 81 +++++++++++++++++++++++++------- 2022/28xxx/CVE-2022-28684.json | 81 +++++++++++++++++++++++++------- 2022/2xxx/CVE-2022-2272.json | 81 +++++++++++++++++++++++++------- 2022/34xxx/CVE-2022-34871.json | 84 +++++++++++++++++++++++++++------- 2022/34xxx/CVE-2022-34872.json | 84 +++++++++++++++++++++++++++------- 2022/35xxx/CVE-2022-35864.json | 84 +++++++++++++++++++++++++++------- 2022/35xxx/CVE-2022-35865.json | 84 +++++++++++++++++++++++++++------- 2022/35xxx/CVE-2022-35866.json | 81 +++++++++++++++++++++++++------- 2022/35xxx/CVE-2022-35867.json | 81 +++++++++++++++++++++++++------- 9 files changed, 597 insertions(+), 144 deletions(-) diff --git a/2022/28xxx/CVE-2022-28668.json b/2022/28xxx/CVE-2022-28668.json index e906ceb8559..4767686d79f 100644 --- a/2022/28xxx/CVE-2022-28668.json +++ b/2022/28xxx/CVE-2022-28668.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-28668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-28668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DICOM Viewer Pro", + "version": { + "version_data": [ + { + "version_value": "11.9.2" + } + ] + } + } + ] + }, + "vendor_name": "Sante" + } + ] } -} \ No newline at end of file + }, + "credit": "Eunice", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-622/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2022/28xxx/CVE-2022-28684.json b/2022/28xxx/CVE-2022-28684.json index ea9313ce926..049b014011f 100644 --- a/2022/28xxx/CVE-2022-28684.json +++ b/2022/28xxx/CVE-2022-28684.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-28684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-28684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DevExpress", + "version": { + "version_data": [ + { + "version_value": "20.21.01.102" + } + ] + } + } + ] + }, + "vendor_name": "DevExpress" + } + ] } -} \ No newline at end of file + }, + "credit": "Markus Wulftange (@mwulftange)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-872/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2022/2xxx/CVE-2022-2272.json b/2022/2xxx/CVE-2022-2272.json index c1c9c6ab907..70040aeacba 100644 --- a/2022/2xxx/CVE-2022-2272.json +++ b/2022/2xxx/CVE-2022-2272.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PACS Server", + "version": { + "version_data": [ + { + "version_value": "3.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Sante" + } + ] } -} \ No newline at end of file + }, + "credit": "Florent Saudel", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-955/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2022/34xxx/CVE-2022-34871.json b/2022/34xxx/CVE-2022-34871.json index 9f06a8eee9c..eba688e8b53 100644 --- a/2022/34xxx/CVE-2022-34871.json +++ b/2022/34xxx/CVE-2022-34871.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-34871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-34871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Centreon", + "version": { + "version_data": [ + { + "version_value": "21.10-2" + } + ] + } + } + ] + }, + "vendor_name": "Centreon" + } + ] } -} \ No newline at end of file + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-953/" + }, + { + "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/\r\n\r\nhttps://github.com/centreon/centreon/blob/master/SECURITY_ACK.md#-2022-" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2022/34xxx/CVE-2022-34872.json b/2022/34xxx/CVE-2022-34872.json index 02ab246d217..bd85aed0ba1 100644 --- a/2022/34xxx/CVE-2022-34872.json +++ b/2022/34xxx/CVE-2022-34872.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-34872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-34872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Centreon", + "version": { + "version_data": [ + { + "version_value": "21.10-2" + } + ] + } + } + ] + }, + "vendor_name": "Centreon" + } + ] } -} \ No newline at end of file + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-954/" + }, + { + "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/\r\n\r\nhttps://github.com/centreon/centreon/blob/master/SECURITY_ACK.md#-2022-" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2022/35xxx/CVE-2022-35864.json b/2022/35xxx/CVE-2022-35864.json index 6a0a7d6017a..afe6625ba77 100644 --- a/2022/35xxx/CVE-2022-35864.json +++ b/2022/35xxx/CVE-2022-35864.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-35864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Track-It!", + "version": { + "version_data": [ + { + "version_value": "20.21.02.109" + } + ] + } + } + ] + }, + "vendor_name": "BMC" + } + ] } -} \ No newline at end of file + }, + "credit": "Y4er", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/" + }, + { + "url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + } +} diff --git a/2022/35xxx/CVE-2022-35865.json b/2022/35xxx/CVE-2022-35865.json index 84be4dfcc0a..5d85310a3f8 100644 --- a/2022/35xxx/CVE-2022-35865.json +++ b/2022/35xxx/CVE-2022-35865.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-35865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Track-It!", + "version": { + "version_data": [ + { + "version_value": "20.21.2.109" + } + ] + } + } + ] + }, + "vendor_name": "BMC" + } + ] } -} \ No newline at end of file + }, + "credit": "Markus Wulftange (@mwulftange)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/" + }, + { + "url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + } +} diff --git a/2022/35xxx/CVE-2022-35866.json b/2022/35xxx/CVE-2022-35866.json index ac8e7e16c2e..f1e9083d26a 100644 --- a/2022/35xxx/CVE-2022-35866.json +++ b/2022/35xxx/CVE-2022-35866.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-35866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Backup and Recovery", + "version": { + "version_data": [ + { + "version_value": "6.5.0.17561" + } + ] + } + } + ] + }, + "vendor_name": "Vinchin" + } + ] } -} \ No newline at end of file + }, + "credit": "Esjay", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798: Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-959/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +} diff --git a/2022/35xxx/CVE-2022-35867.json b/2022/35xxx/CVE-2022-35867.json index 08115787994..eb9b3440bb7 100644 --- a/2022/35xxx/CVE-2022-35867.json +++ b/2022/35xxx/CVE-2022-35867.json @@ -1,18 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-35867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "xhyve", + "version": { + "version_data": [ + { + "version_value": "0.2.0-145-g83516a" + } + ] + } + } + ] + }, + "vendor_name": "xhyve" + } + ] } -} \ No newline at end of file + }, + "credit": "Alisa Esage of Zero Day Engineering (zerodayengineering.com)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-949/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + } +} From 44abb9e4029e2f280a3dd42c249cb83e367c7a99 Mon Sep 17 00:00:00 2001 From: zdi-team Date: Wed, 3 Aug 2022 10:17:54 -0500 Subject: [PATCH 2/2] fixes 2022-3487[1,2] ref urls --- 2022/34xxx/CVE-2022-34871.json | 2 +- 2022/34xxx/CVE-2022-34872.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/2022/34xxx/CVE-2022-34871.json b/2022/34xxx/CVE-2022-34871.json index eba688e8b53..2109ed38b5f 100644 --- a/2022/34xxx/CVE-2022-34871.json +++ b/2022/34xxx/CVE-2022-34871.json @@ -57,7 +57,7 @@ "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-953/" }, { - "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/\r\n\r\nhttps://github.com/centreon/centreon/blob/master/SECURITY_ACK.md#-2022-" + "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/" } ] }, diff --git a/2022/34xxx/CVE-2022-34872.json b/2022/34xxx/CVE-2022-34872.json index bd85aed0ba1..69dffd53022 100644 --- a/2022/34xxx/CVE-2022-34872.json +++ b/2022/34xxx/CVE-2022-34872.json @@ -57,7 +57,7 @@ "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-954/" }, { - "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/\r\n\r\nhttps://github.com/centreon/centreon/blob/master/SECURITY_ACK.md#-2022-" + "url": "https://docs.centreon.com/docs/21.10/releases/centreon-core/" } ] },