admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 22:01:57 +00:00
parent ba4024aa98
commit b9ec250551
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 115 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
2022/25xxx/CVE-2022-25308.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121 - Stack-based Buffer Overflow.",
"cweId": "CWE-121"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "fribidi",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-9.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:1.0.10-6.el9.2",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixed in v1.0.12"
}
]
}
@ -70,6 +59,11 @@
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/issues/181"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
},
{
"url": "https://github.com/fribidi/fribidi/pull/184",
"refsource": "MISC",
@ -79,39 +73,6 @@
"url": "https://access.redhat.com/security/cve/CVE-2022-25308",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-25308"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7514",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7514"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8011",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8011"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

59
2022/25xxx/CVE-2022-25309.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"value": "CWE-122 - Heap-based Buffer Overflow.",
"cweId": "CWE-122"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "fribidi",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-9.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:1.0.10-6.el9.2",
"version_affected": "!"
"version_affected": "=",
"version_value": "Fixed in v1.0.12"
}
]
}
@ -70,6 +59,11 @@
"refsource": "MISC",
"name": "https://github.com/fribidi/fribidi/issues/182"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896"
},
{
"url": "https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3",
"refsource": "MISC",
@ -79,39 +73,6 @@
"url": "https://access.redhat.com/security/cve/CVE-2022-25309",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-25309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7514",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7514"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8011",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8011"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2047896"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

52
2022/2xxx/CVE-2022-2447.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2447",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324",
"cweId": "CWE-324"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "openstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2447",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2447",
"url": "https://access.redhat.com/security/cve/CVE-2022-2447"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected."
"name": "https://access.redhat.com/security/cve/CVE-2022-2447"
}
]
}

48
2022/2xxx/CVE-2022-2457.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2457",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in 7.13.2"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0"
}
]
}

48
2022/2xxx/CVE-2022-2458.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2458",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91",
"cweId": "CWE-91"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in 7.13.1"
}
]
@ -30,32 +52,12 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs."
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0"
}
]
}

61
2022/2xxx/CVE-2022-2519.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A double-free flaw was found in the tiffcrop tool distributed with the libtiff tools package. The double-free issue leads to a denial of service, impacting the availability."
"value": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Double Free",
"value": "CWE-415",
"cweId": "CWE-415"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "libtiff 4.4.0rc1"
}
]
}
@ -79,44 +68,6 @@
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2519",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2519"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

61
2022/2xxx/CVE-2022-2520.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c"
"value": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size",
"value": "CWE-131",
"cweId": "CWE-131"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "libtiff 4.4.0rc1"
}
]
}
@ -79,44 +68,6 @@
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2520",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2520"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

61
2022/2xxx/CVE-2022-2521.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c"
"value": "It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Release of Invalid Pointer or Reference",
"value": "CWE-763",
"cweId": "CWE-763"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "libtiff",
"version": {
"version_data": [
{
"version_value": "0:4.0.9-26.el8_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-5.el9_1",
"version_affected": "!"
"version_affected": "=",
"version_value": "libtiff 4.4.0rc1"
}
]
}
@ -79,44 +68,6 @@
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0095",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0302",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2521",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2521"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2122799"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}