admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 22:01:36 +00:00
parent 3c3f47dfcf
commit b34545df30
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 175 additions and 393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2022/1xxx/CVE-2022-1665.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1665",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1291",
"cweId": "CWE-1291"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1291"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089529"
}
]
}

123
2022/1xxx/CVE-2022-1677.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Permissions or Privileges ",
"cweId": "CWE-280"
"value": "CWE-400",
"cweId": "CWE-400"
}
]
}
@ -32,71 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"product_name": "Openshift",
"version": {
"version_data": [
{
"version_value": "v3.11.705-1.g7a17a5d",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.10",
"version": {
"version_data": [
{
"version_value": "v4.10.0-202204291840.p0.g11109e4.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.6",
"version": {
"version_data": [
{
"version_value": "v4.6.0-202205131546.p0.g7d2af02.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.7",
"version": {
"version_data": [
{
"version_value": "v4.7.0-202205131637.p0.ge246a5f.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.8",
"version": {
"version_data": [
{
"version_value": "v4.8.0-202205131628.p0.gd0d6380.assembly.stream",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.9",
"version": {
"version_data": [
{
"version_value": "v4.9.0-202205131707.p0.gfe7ea46.assembly.stream",
"version_affected": "!"
"version_affected": "=",
"version_value": "Openshift 3.11 and 4.6 onwards"
}
]
}
@ -109,63 +54,15 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1677",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1677"
},
{
"url": "https://access.redhat.com/errata/RHBA-2022:1690",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2022:1690"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2264"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2268"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2272",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2272"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2281",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2281"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:2283",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:2283"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076211",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076211"
}
]
},
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
"url": "https://access.redhat.com/security/cve/CVE-2022-1677",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1677"
}
]
}

60
2022/1xxx/CVE-2022-1786.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1786",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in the Linux kernel\u2019s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "kernel v5.10 and v5.11"
}
]
@ -30,42 +52,22 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087760",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2087760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087760"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2087760"
},
{
"refsource": "DEBIAN",
"name": "DSA-5161",
"url": "https://www.debian.org/security/2022/dsa-5161"
"url": "https://security.netapp.com/advisory/ntap-20220722-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220722-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220722-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220722-0001/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in the Linux kernel\u2019s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system."
"url": "https://www.debian.org/security/2022/dsa-5161",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5161"
}
]
}

48
2022/1xxx/CVE-2022-1833.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1833",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "AMQ Broker Operator 7.9.4 and prior"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4"
}
]
}

75
2022/1xxx/CVE-2022-1902.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"value": "CWE-497",
"cweId": "CWE-497"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHACS-3.68-RHEL-8",
"product_name": "Red Hat Advanced Cluster Security for Kubernetes",
"version": {
"version_data": [
{
"version_value": "3.68.2-8",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHACS-3.69-RHEL-8",
"version": {
"version_data": [
{
"version_value": "3.69.2-5",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHACS-3.70-RHEL-8",
"version": {
"version_data": [
{
"version_value": "3.70.1-5",
"version_affected": "!"
"version_affected": "=",
"version_value": "Red Hat Advanced Cluster Security for Kubernetes 3"
}
]
}
@ -76,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1902",
"refsource": "MISC",
@ -85,44 +68,6 @@
"url": "https://github.com/stackrox/stackrox/pull/1803",
"refsource": "MISC",
"name": "https://github.com/stackrox/stackrox/pull/1803"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5132",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5132"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5188",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5188"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:5189",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:5189"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

67
2022/1xxx/CVE-2022-1949.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1949",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base-2.0"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,20 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "389-ds-base-2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2091781"
}
]
}

68
2022/2xxx/CVE-2022-2085.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2085",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Affects in Ghostscript v9.55.0"
}
]
@ -30,52 +52,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704945",
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=704945",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704945"
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=704945"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095261",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2095261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095261"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2095261"
},
{
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948d88667bdf51d47d918c4684d0f67df",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df"
"name": "http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ae1061d948d88667bdf51d47d918c4684d0f67df"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d287230630",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202211-11",
"url": "https://security.gentoo.org/glsa/202211-11"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash."
"url": "https://security.gentoo.org/glsa/202211-11",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202211-11"
}
]
}

79
2022/2xxx/CVE-2022-2211.json
View File

@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "Buffer Overflow"
}
]
}
@ -32,35 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "libguestfs",
"version": {
"version_data": [
{
"version_value": "8070020220921004438.3b9f49c4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "1:1.48.4-2.el9",
"version_affected": "!"
},
{
"version_value": "0:1.48.2-5.el9",
"version_affected": "!"
},
{
"version_value": "1:2.0.7-6.el9",
"version_affected": "!"
"version_affected": "=",
"version_value": "none"
}
]
}
@ -77,55 +57,6 @@
"url": "https://access.redhat.com/security/cve/CVE-2022-2211",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2211"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7472",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7472"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7958",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7958"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7959",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7959"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7968",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7968"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100862",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2100862"
}
]
},
"credits": [
{
"lang": "en",
"value": " Upstream acknowledges Laszlo Ersek as the original reporter."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}