From c2029a6e04b0943b82f2d22bfb82ce57ca04fdf4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 Sep 2022 13:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/20xxx/CVE-2007-20001.json | 2 +- 2013/20xxx/CVE-2013-20004.json | 2 +- 2022/23xxx/CVE-2022-23858.json | 2 +- 2022/36xxx/CVE-2022-36052.json | 12 +++--- 2022/36xxx/CVE-2022-36053.json | 2 +- 2022/36xxx/CVE-2022-36054.json | 10 ++--- 2022/38xxx/CVE-2022-38149.json | 2 +- 2022/38xxx/CVE-2022-38790.json | 74 +++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3079.json | 18 +++++++++ 9 files changed, 102 insertions(+), 22 deletions(-) create mode 100644 2022/3xxx/CVE-2022-3079.json diff --git a/2007/20xxx/CVE-2007-20001.json b/2007/20xxx/CVE-2007-20001.json index fb2071a9e38..e2d9e7d01c5 100644 --- a/2007/20xxx/CVE-2007-20001.json +++ b/2007/20xxx/CVE-2007-20001.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion." + "value": "A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20." } ] }, diff --git a/2013/20xxx/CVE-2013-20004.json b/2013/20xxx/CVE-2013-20004.json index f6739f7bb52..89a95ed4746 100644 --- a/2013/20xxx/CVE-2013-20004.json +++ b/2013/20xxx/CVE-2013-20004.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak." + "value": "A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16." } ] }, diff --git a/2022/23xxx/CVE-2022-23858.json b/2022/23xxx/CVE-2022-23858.json index fc598ce1e98..d3012dbb67e 100644 --- a/2022/23xxx/CVE-2022-23858.json +++ b/2022/23xxx/CVE-2022-23858.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API." + "value": "A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2." } ] }, diff --git a/2022/36xxx/CVE-2022-36052.json b/2022/36xxx/CVE-2022-36052.json index 951a010d8f2..4fd32eb7df4 100644 --- a/2022/36xxx/CVE-2022-36052.json +++ b/2022/36xxx/CVE-2022-36052.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8.\n" + "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8." } ] }, @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5", - "refsource": "CONFIRM", - "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5" - }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" + }, + { + "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5", + "refsource": "CONFIRM", + "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5" } ] }, diff --git a/2022/36xxx/CVE-2022-36053.json b/2022/36xxx/CVE-2022-36053.json index 977bfa9ef87..08ceebce322 100644 --- a/2022/36xxx/CVE-2022-36053.json +++ b/2022/36xxx/CVE-2022-36053.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.\n\n" + "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8." } ] }, diff --git a/2022/36xxx/CVE-2022-36054.json b/2022/36xxx/CVE-2022-36054.json index 4b453f58569..70c29a4e52a 100644 --- a/2022/36xxx/CVE-2022-36054.json +++ b/2022/36xxx/CVE-2022-36054.json @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c", - "refsource": "CONFIRM", - "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c" - }, { "name": "https://github.com/contiki-ng/contiki-ng/pull/1648", "refsource": "MISC", "url": "https://github.com/contiki-ng/contiki-ng/pull/1648" + }, + { + "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c", + "refsource": "CONFIRM", + "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c" } ] }, diff --git a/2022/38xxx/CVE-2022-38149.json b/2022/38xxx/CVE-2022-38149.json index 8007f50f1d5..a2cc2dde9fc 100644 --- a/2022/38xxx/CVE-2022-38149.json +++ b/2022/38xxx/CVE-2022-38149.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File." + "value": "HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2." } ] }, diff --git a/2022/38xxx/CVE-2022-38790.json b/2022/38xxx/CVE-2022-38790.json index c7ecece7e31..eff2c78d827 100644 --- a/2022/38xxx/CVE-2022-38790.json +++ b/2022/38xxx/CVE-2022-38790.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38790", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38790", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.weave.works/product/gitops-enterprise/", + "refsource": "MISC", + "name": "https://www.weave.works/product/gitops-enterprise/" + }, + { + "url": "https://docs.gitops.weave.works/docs/intro", + "refsource": "MISC", + "name": "https://docs.gitops.weave.works/docs/intro" + }, + { + "url": "https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters", + "refsource": "MISC", + "name": "https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters" + }, + { + "refsource": "MISC", + "name": "https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html", + "url": "https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3079.json b/2022/3xxx/CVE-2022-3079.json new file mode 100644 index 00000000000..c5e5d5a6bd4 --- /dev/null +++ b/2022/3xxx/CVE-2022-3079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file