"-Synchronized-Data."

2025-06-21 05:40:25 +00:00 · 2022-09-01 13:00:33 +00:00 · 2022-09-01 13:00:33 +00:00 · c2029a6e04
commit c2029a6e04
parent e28f0c213e
9 changed files with 102 additions and 22 deletions
--- a/2007/20xxx/CVE-2007-20001.json
+++ b/2007/20xxx/CVE-2007-20001.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion."
+                "value": "A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20."
            }
        ]
    },
--- a/2013/20xxx/CVE-2013-20004.json
+++ b/2013/20xxx/CVE-2013-20004.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak."
+                "value": "A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16."
            }
        ]
    },
--- a/2022/23xxx/CVE-2022-23858.json
+++ b/2022/23xxx/CVE-2022-23858.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API."
+                "value": "A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2."
            }
        ]
    },
--- a/2022/36xxx/CVE-2022-36052.json
+++ b/2022/36xxx/CVE-2022-36052.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8.\n"
+                "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8."
            }
        ]
    },
@ -69,15 +69,15 @@
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5",
                "refsource": "CONFIRM",
                "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5"
            },
            {
                "name": "https://github.com/contiki-ng/contiki-ng/pull/1648",
                "refsource": "MISC",
                "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"
            },
            {
                "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5",
                "refsource": "CONFIRM",
                "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-vwr8-6mqv-x7f5"
            }
        ]
    },
--- a/2022/36xxx/CVE-2022-36053.json
+++ b/2022/36xxx/CVE-2022-36053.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.\n\n"
+                "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8."
            }
        ]
    },
--- a/2022/36xxx/CVE-2022-36054.json
+++ b/2022/36xxx/CVE-2022-36054.json
@ -69,15 +69,15 @@
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c",
                "refsource": "CONFIRM",
                "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c"
            },
            {
                "name": "https://github.com/contiki-ng/contiki-ng/pull/1648",
                "refsource": "MISC",
                "url": "https://github.com/contiki-ng/contiki-ng/pull/1648"
            },
            {
                "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c",
                "refsource": "CONFIRM",
                "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-c36p-vhwg-244c"
            }
        ]
    },
--- a/2022/38xxx/CVE-2022-38149.json
+++ b/2022/38xxx/CVE-2022-38149.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File."
+                "value": "HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2."
            }
        ]
    },
--- a/2022/38xxx/CVE-2022-38790.json
+++ b/2022/38xxx/CVE-2022-38790.json
@ -1,18 +1,80 @@
 {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-38790",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2022-38790",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.weave.works/product/gitops-enterprise/",
                "refsource": "MISC",
                "name": "https://www.weave.works/product/gitops-enterprise/"
            },
            {
                "url": "https://docs.gitops.weave.works/docs/intro",
                "refsource": "MISC",
                "name": "https://docs.gitops.weave.works/docs/intro"
            },
            {
                "url": "https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters",
                "refsource": "MISC",
                "name": "https://docs.gitops.weave.works/docs/cluster-management/getting-started/#profiles-and-clusters"
            },
            {
                "refsource": "MISC",
                "name": "https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html",
                "url": "https://docs.gitops.weave.works/security/cve/enterprise/CVE-2022-38790/index.html"
            }
        ]
    },
    "source": {
        "discovery": "INTERNAL"
    }
 }
--- a/2022/3xxx/CVE-2022-3079.json
+++ b/2022/3xxx/CVE-2022-3079.json
@ -0,0 +1,18 @@
 {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-3079",
        "ASSIGNER": "cve@mitre.org",
        "STATE": "RESERVED"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
            }
        ]
    }
 }