admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-20 20:00:39 +00:00
parent 5c2d197d84
commit b7c46cdd39
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 165 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2022/1xxx/CVE-2022-1109.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Leyun",
"version": {
"version_data": [
{
"version_value": "Versions prior to 6.8.21.99",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/dc_204380.html",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/dc_204380.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "LEN-84075",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to </span><span style=\"background-color: rgb(255, 255, 255);\">V6.8.21.99 or later</span><br>"
}
],
"value": "\nUpgrade to V6.8.21.99 or later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Brother Wang for reporting this vulnerability to Lenovo."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

51
2022/3xxx/CVE-2022-3918.json
View File

@ -4,14 +4,59 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@forums.swift.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Swift Project",
"product": {
"product_data": [
{
"product_name": "Swift Foundation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "5.7.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 113: Improper Neutralization of CRLF Sequences in HTTP Headers"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/apple/swift-corelibs-foundation/security/advisories/GHSA-4pp3-mpf2-rj63",
"refsource": "MISC",
"name": "https://github.com/apple/swift-corelibs-foundation/security/advisories/GHSA-4pp3-mpf2-rj63"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header \"Foo\" to the value \"Bar Extra-Header: Added GET /other HTTP/1.1\". When this request is sent, it will appear to the server as two requests: GET / HTTP/1.1 Foo: Bar Extra-Header: Added GET /other HTTP/1.1 In this manner, the client is able to inject extra headers and craft an entirely new request to a separate path, despite only making one API call in URLSession. If a developer has total control over the request and its headers, this vulnerability may not pose a threat. However, this vulnerability escalates if un-sanitized user input is placed in header values. If so, a malicious user could inject new headers or requests to an intermediary or backend server. Developers should be especially careful to sanitize user input in this case, or upgrade their version of swift-corelibs-foundation to include the patch below."
}
]
}

5
2022/42xxx/CVE-2022-42906.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/jaspernbrouwer/powerline-gitstatus/releases/tag/v1.3.2",
"refsource": "MISC",
"name": "https://github.com/jaspernbrouwer/powerline-gitstatus/releases/tag/v1.3.2"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3277-1] powerline-gitstatus security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00017.html"
}
]
}

18
2023/24xxx/CVE-2023-24022.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}