admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-07 21:00:31 +00:00
parent d5846443b5
commit c0a8933af7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 343 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/21xxx/CVE-2021-21772.json
View File

@ -73,6 +73,11 @@
"refsource": "GENTOO",
"name": "GLSA-202208-01",
"url": "https://security.gentoo.org/glsa/202208-01"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1226",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1226"
}
]
},

50
2022/31xxx/CVE-2022-31680.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 6.5 prior to U3u"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe deserialization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."
}
]
}

50
2022/31xxx/CVE-2022-31681.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 prior to ESXi70U3sf-20036586, 6.7 prior to ESXi670-202210101-SG & 6.5 prior to ESXi650-202210101-SG)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null-pointer dereference vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host."
}
]
}

10
2022/39xxx/CVE-2022-39289.json
View File

@ -80,15 +80,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488",
"refsource": "CONFIRM",
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4",
"refsource": "MISC",
"url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488",
"refsource": "CONFIRM",
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488"
}
]
},

12
2022/39xxx/CVE-2022-39290.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n"
"value": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue."
}
]
},
@ -72,15 +72,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q",
"refsource": "CONFIRM",
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d",
"refsource": "MISC",
"url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d"
},
{
"name": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q",
"refsource": "CONFIRM",
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q"
}
]
},

86
2022/3xxx/CVE-2022-3275.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2022-3275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Puppetlabs-apt Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puppetlabs-apt",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.0.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tam\u00e1s Koczka and the Google Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2022-3275",
"name": "https://puppet.com/security/cve/CVE-2022-3275"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

86
2022/3xxx/CVE-2022-3276.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2022-3276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Puppetlabs-mysql Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puppetlabs-mysql",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tam\u00e1s Koczka and the Google Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2022-3276",
"name": "https://puppet.com/security/cve/CVE-2022-3276"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

18
2022/3xxx/CVE-2022-3433.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2022/41xxx/CVE-2022-41574.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.gradle.com",
"refsource": "MISC",
"name": "https://security.gradle.com"
},
{
"refsource": "MISC",
"name": "https://security.gradle.com/advisory/2022-12",
"url": "https://security.gradle.com/advisory/2022-12"
}
]
}