admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-03-10 17:23:39 +00:00
parent 447924903a
commit bfdeea1ecd
No known key found for this signature in database
GPG Key ID: 08789936A25A004E
56 changed files with 1780 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2020/36xxx/CVE-2020-36517.json
View File

@ -1,17 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36517",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/home-assistant/plugin-dns/issues/70",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/70"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/64",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/64"
},
{
"url": "https://github.com/home-assistant/plugin-dns/pull/59",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/pull/59"
},
{
"url": "https://github.com/home-assistant/plugin-dns/pull/58",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/pull/58"
},
{
"url": "https://github.com/home-assistant/plugin-dns/pull/56",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/pull/56"
},
{
"url": "https://github.com/home-assistant/plugin-dns/pull/55",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/pull/55"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/54",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/54"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/53",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/53"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/51",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/51"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/50",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/50"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/22",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/22"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/20",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/20"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/17",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/17"
},
{
"url": "https://github.com/home-assistant/plugin-dns/issues/6",
"refsource": "MISC",
"name": "https://github.com/home-assistant/plugin-dns/issues/6"
},
{
"url": "https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572",
"refsource": "MISC",
"name": "https://community.home-assistant.io/t/ha-os-dns-setting-configuration-not-respected/356572"
}
]
}

170
2021/24xxx/CVE-2021-24961.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24961",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
"CVE_data_meta": {
"ID": "CVE-2021-24961",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
},
{
"product_name": "wordpress-file-upload-pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
}
]
}
},
{
"product_name": "wordpress-file-upload-pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954",
"name": "https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722",
"name": "https://plugins.trac.wordpress.org/changeset/2677722"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722",
"name": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954",
"name": "https://wpscan.com/vulnerability/c911bbbd-0196-4e3d-ada3-4efb8a339954"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

55
2021/34xxx/CVE-2021-34338.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34338",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ming",
"version": {
"version_data": [
{
"version_value": "Ming 0.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "(CWE-125|CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/201",
"url": "https://github.com/libming/libming/issues/201"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969616"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service."
}
]
}

55
2021/34xxx/CVE-2021-34339.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34339",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ming",
"version": {
"version_data": [
{
"version_value": "Ming 0.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "(CWE-125|CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/202",
"url": "https://github.com/libming/libming/issues/202"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969607"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service."
}
]
}

55
2021/34xxx/CVE-2021-34340.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34340",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ming",
"version": {
"version_data": [
{
"version_value": "Ming 0.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "(CWE-125|CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/203",
"url": "https://github.com/libming/libming/issues/203"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969612"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service."
}
]
}

55
2021/34xxx/CVE-2021-34341.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ming",
"version": {
"version_data": [
{
"version_value": "Ming 0.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/204",
"url": "https://github.com/libming/libming/issues/204"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969628"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service."
}
]
}

55
2021/34xxx/CVE-2021-34342.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ming",
"version": {
"version_data": [
{
"version_value": "Ming 0.4.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/205",
"url": "https://github.com/libming/libming/issues/205"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1969619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969619"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak."
}
]
}

5
2021/3xxx/CVE-2021-3737.json
View File

@ -68,6 +68,11 @@
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2021-3737",
"url": "https://ubuntu.com/security/CVE-2021-3737"
},
{
"refsource": "MISC",
"name": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html",
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
}
]
},

66
2021/41xxx/CVE-2021-41657.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://codecollaborator.com",
"refsource": "MISC",
"name": "http://codecollaborator.com"
},
{
"url": "http://smartbear.com",
"refsource": "MISC",
"name": "http://smartbear.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/rvismit/2b1a10a48104e01f575cc948da69df19",
"url": "https://gist.github.com/rvismit/2b1a10a48104e01f575cc948da69df19"
}
]
}

61
2021/43xxx/CVE-2021-43969.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://quicklert.com",
"refsource": "MISC",
"name": "https://quicklert.com"
},
{
"refsource": "MISC",
"name": "https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/",
"url": "https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/"
}
]
}

61
2021/43xxx/CVE-2021-43970.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://quicklert.com",
"refsource": "MISC",
"name": "https://quicklert.com"
},
{
"refsource": "MISC",
"name": "https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/",
"url": "https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/"
}
]
}

5
2021/43xxx/CVE-2021-43976.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211210-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211210-0001/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
}

71
2021/44xxx/CVE-2021-44421.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-44421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-44421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/occlum/occlum/blob/821ea843ae21037e6cff5268306d2da1fb131552/src/libos/src/util/mem_util.rs#L130",
"refsource": "MISC",
"name": "https://github.com/occlum/occlum/blob/821ea843ae21037e6cff5268306d2da1fb131552/src/libos/src/util/mem_util.rs#L130"
},
{
"url": "https://github.com/occlum/occlum/blob/821ea843ae21037e6cff5268306d2da1fb131552/src/libos/src/util/mem_util.rs#L51",
"refsource": "MISC",
"name": "https://github.com/occlum/occlum/blob/821ea843ae21037e6cff5268306d2da1fb131552/src/libos/src/util/mem_util.rs#L51"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/occlum/occlum/commit/36918e42bf6732c4d3996bc99eb013eb6b90b249",
"url": "https://github.com/occlum/occlum/commit/36918e42bf6732c4d3996bc99eb013eb6b90b249"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/occlum/occlum/compare/0.25.0...v0.26.0",
"url": "https://github.com/occlum/occlum/compare/0.25.0...v0.26.0"
}
]
}

5
2021/45xxx/CVE-2021-45909.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2937-1] gif2apng security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html"
}
]
}

5
2021/45xxx/CVE-2021-45910.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2937-1] gif2apng security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html"
}
]
}

5
2021/45xxx/CVE-2021-45911.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220307 [SECURITY] [DLA 2937-1] gif2apng security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00008.html"
}
]
}

97
2021/4xxx/CVE-2021-4045.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-02-11T11:00:00.000Z",
"ID": "CVE-2021-4045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "TP-LINK Tapo C200 remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tapo C200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.15",
"version_value": "1.15"
}
]
}
}
]
},
"vendor_name": "TP-Link"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "V\u00edctor Fresco Perales"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/tp-link-tapo-c200-remote-code-execution-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This vulnerability has already been solved by TP-Link in Tapo C200 1.1.16 version."
}
],
"source": {
"defect": [
"INCIBE-2021-0601"
],
"discovery": "EXTERNAL"
}
}

60
2022/0xxx/CVE-2022-0847.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0847",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.17-rc6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665->CWE-281"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
},
{
"refsource": "MISC",
"name": "https://dirtypipe.cm4all.com/",
"url": "https://dirtypipe.cm4all.com/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.17-rc6."
}
]
}

18
2022/0xxx/CVE-2022-0872.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2022/21xxx/CVE-2022-21124.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21124",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
},

11
2022/21xxx/CVE-2022-21132.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21132",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard"
"url": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard",
"refsource": "MISC",
"name": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard"
},
{
"url": "https://jvn.jp/en/jp/JVN85572374/index.html"
"url": "https://jvn.jp/en/jp/JVN85572374/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN85572374/index.html"
}
]
},

11
2022/21xxx/CVE-2022-21158.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21158",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://github.com/marktext/marktext/releases/tag/v0.17.0"
"url": "https://github.com/marktext/marktext/releases/tag/v0.17.0",
"refsource": "MISC",
"name": "https://github.com/marktext/marktext/releases/tag/v0.17.0"
},
{
"url": "https://jvn.jp/en/jp/JVN89524240/index.html"
"url": "https://jvn.jp/en/jp/JVN89524240/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN89524240/index.html"
}
]
},

27
2022/21xxx/CVE-2022-21170.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21170",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,22 +45,34 @@
"references": {
"reference_data": [
{
"url": "https://download.daj.co.jp/user/ifilter/V10/"
"url": "https://download.daj.co.jp/user/ifilter/V10/",
"refsource": "MISC",
"name": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"url": "https://download.daj.co.jp/user/ifilter/V9/"
"url": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"name": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"url": "https://download.daj.co.jp/user/ifb/"
"url": "https://download.daj.co.jp/user/ifb/",
"refsource": "MISC",
"name": "https://download.daj.co.jp/user/ifb/"
},
{
"url": "https://download.daj.co.jp/user/dspa/V4/"
"url": "https://download.daj.co.jp/user/dspa/V4/",
"refsource": "MISC",
"name": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"url": "https://download.daj.co.jp/user/dspa/V3/"
"url": "https://download.daj.co.jp/user/dspa/V3/",
"refsource": "MISC",
"name": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
"url": "https://jvn.jp/en/jp/JVN33214411/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
]
},

7
2022/21xxx/CVE-2022-21219.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21219",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
},

61
2022/22xxx/CVE-2022-22834.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-22834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://overit.us/products/geocall/",
"refsource": "MISC",
"name": "https://overit.us/products/geocall/"
},
{
"refsource": "MISC",
"name": "https://labs.yarix.com/advisories/cve-2022-22834/",
"url": "https://labs.yarix.com/advisories/cve-2022-22834/"
}
]
}

61
2022/22xxx/CVE-2022-22835.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-22835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://overit.us/products/geocall/",
"refsource": "MISC",
"name": "https://overit.us/products/geocall/"
},
{
"refsource": "MISC",
"name": "https://labs.yarix.com/advisories/cve-2022-22835/",
"url": "https://labs.yarix.com/advisories/cve-2022-22835/"
}
]
}

5
2022/23xxx/CVE-2022-23648.json
View File

@ -99,6 +99,11 @@
"name": "https://github.com/containerd/containerd/releases/tag/v1.6.1",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.6.1"
},
{
"refsource": "DEBIAN",
"name": "DSA-5091",
"url": "https://www.debian.org/security/2022/dsa-5091"
}
]
},

2
2022/23xxx/CVE-2022-23993.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call."
"value": "/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS."
}
]
},

5
2022/24xxx/CVE-2022-24448.json
View File

@ -71,6 +71,11 @@
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
}

61
2022/24xxx/CVE-2022-24644.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-24644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://keymouse.com",
"refsource": "MISC",
"name": "http://keymouse.com"
},
{
"refsource": "MISC",
"name": "https://github.com/gerr-re/cve-2022-24644/blob/main/cve-2022-24644_public-advisory.pdf",
"url": "https://github.com/gerr-re/cve-2022-24644/blob/main/cve-2022-24644_public-advisory.pdf"
}
]
}

5
2022/24xxx/CVE-2022-24959.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
}

10
2022/25xxx/CVE-2022-25003.json
View File

@ -56,6 +56,16 @@
"url": "https://github.com/09-by-ly/HPRMS-SQL_injection/blob/gh-pages/SQL%20injection.md",
"refsource": "MISC",
"name": "https://github.com/09-by-ly/HPRMS-SQL_injection/blob/gh-pages/SQL%20injection.md"
},
{
"refsource": "MISC",
"name": "https://www.nu11secur1ty.com/2022/03/cve-2022-25003.html",
"url": "https://www.nu11secur1ty.com/2022/03/cve-2022-25003.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-25003",
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-25003"
}
]
}

50
2022/25xxx/CVE-2022-25213.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3C"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper physical access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
}
]
}

50
2022/25xxx/CVE-2022-25214.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25214",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to information leaks"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
}
]
}

50
2022/25xxx/CVE-2022-25215.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
}
]
}

50
2022/25xxx/CVE-2022-25217.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2 22.5.9.163, K3 21.5.37.246, K3C 32.1.15.93 -- 32.1.26.175, K3C 33.1.25.177, K2P 20.4.1.7, K2 A7 22.6.506.28"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a hard-coded cryptographic key"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availablility of firmware images for testing is that models and versions not listed here may share this vulnerability."
}
]
}

50
2022/25xxx/CVE-2022-25218.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2 >= 22.5.9.163, K3 >= 21.5.37.246, K3C >= 32.1.15.93, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of RSA Algorithm without OAEP"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
}
]
}

50
2022/25xxx/CVE-2022-25219.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3 >= 21.5.37.246, K3C >= 32.1.22.113, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Byte Interaction Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2022-01",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
}
]
}

7
2022/25xxx/CVE-2022-25230.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25230",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
},

7
2022/25xxx/CVE-2022-25234.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25234",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
},

61
2022/25xxx/CVE-2022-25243.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com"
},
{
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
}
]
}

61
2022/25xxx/CVE-2022-25244.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-25244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com"
},
{
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
}
]
}

5
2022/25xxx/CVE-2022-25258.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-9d4e48836d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
}

7
2022/25xxx/CVE-2022-25325.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25325",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
"url": "https://jvn.jp/en/vu/JVNVU90121984/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU90121984/index.html"
}
]
},

5
2022/25xxx/CVE-2022-25375.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220221 CVE-2022-25375 : Linux RNDIS USB Gadget memory extraction via packet filter",
"url": "http://www.openwall.com/lists/oss-security/2022/02/21/1"
},
{
"refsource": "DEBIAN",
"name": "DSA-5092",
"url": "https://www.debian.org/security/2022/dsa-5092"
}
]
}

61
2022/26xxx/CVE-2022-26311.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-26311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.couchbase.com/alerts",
"url": "https://www.couchbase.com/alerts"
},
{
"url": "https://docs.couchbase.com/operator/current/overview.html",
"refsource": "MISC",
"name": "https://docs.couchbase.com/operator/current/overview.html"
}
]
}

18
2022/26xxx/CVE-2022-26520.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26654.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26655.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26656.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26657.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26658.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26659.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26660.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26661.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26661",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/26xxx/CVE-2022-26662.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}