From c74d15d72d02eddd6d64d4e563295f19ffe47237 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 18:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/41xxx/CVE-2022-41964.json | 81 ++++++++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41972.json | 81 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4563.json | 16 ++++--- 2022/4xxx/CVE-2022-4564.json | 20 ++++++--- 2022/4xxx/CVE-2022-4565.json | 18 ++++++++ 2022/4xxx/CVE-2022-4566.json | 18 ++++++++ 6 files changed, 215 insertions(+), 19 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4565.json create mode 100644 2022/4xxx/CVE-2022-4566.json diff --git a/2022/41xxx/CVE-2022-41964.json b/2022/41xxx/CVE-2022-41964.json index 0ec8abc63bf..4927f8db80d 100644 --- a/2022/41xxx/CVE-2022-41964.json +++ b/2022/41xxx/CVE-2022-41964.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": ">= 2.4-alpha-1, < 2.4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0" + } + ] + }, + "source": { + "advisory": "GHSA-fgmj-rx7j-fqr4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41972.json b/2022/41xxx/CVE-2022-41972.json index 5466960e5e0..457bcf5bb8b 100644 --- a/2022/41xxx/CVE-2022-41972.json +++ b/2022/41xxx/CVE-2022-41972.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "contiki-ng", + "product": { + "product_data": [ + { + "product_name": "contiki-ng", + "version": { + "version_data": [ + { + "version_value": "<= 4.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm", + "refsource": "MISC", + "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm" + }, + { + "url": "https://github.com/contiki-ng/contiki-ng/pull/2253", + "refsource": "MISC", + "name": "https://github.com/contiki-ng/contiki-ng/pull/2253" + } + ] + }, + "source": { + "advisory": "GHSA-24xp-g5gf-6vvm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.9, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4563.json b/2022/4xxx/CVE-2022-4563.json index 10fece6a3fc..a588e76d1f8 100644 --- a/2022/4xxx/CVE-2022-4563.json +++ b/2022/4xxx/CVE-2022-4563.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "7.8", - "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H" + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/freedomofpress\/securedrop\/pull\/6704" + "url": "https://github.com/freedomofpress/securedrop/pull/6704", + "refsource": "MISC", + "name": "https://github.com/freedomofpress/securedrop/pull/6704" }, { - "url": "https:\/\/github.com\/freedomofpress\/securedrop\/commit\/b0526a06f8ca713cce74b63e00d3730618d89691" + "url": "https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691", + "refsource": "MISC", + "name": "https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691" }, { - "url": "https:\/\/vuldb.com\/?id.215972" + "url": "https://vuldb.com/?id.215972", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215972" } ] } diff --git a/2022/4xxx/CVE-2022-4564.json b/2022/4xxx/CVE-2022-4564.json index bb3679354f3..96104a2f7d1 100644 --- a/2022/4xxx/CVE-2022-4564.json +++ b/2022/4xxx/CVE-2022-4564.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel\/app\/classes\/controller\/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability." + "value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability." } ] }, @@ -57,22 +57,30 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ucfopen\/Materia\/pull\/1371" + "url": "https://github.com/ucfopen/Materia/pull/1371", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/pull/1371" }, { - "url": "https:\/\/github.com\/ucfopen\/Materia\/releases\/tag\/v9.0.2-alpha2" + "url": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2" }, { - "url": "https:\/\/github.com\/ucfopen\/Materia\/commit\/af259115d2e8f17068e61902151ee8a9dbac397b" + "url": "https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b" }, { - "url": "https:\/\/vuldb.com\/?id.215973" + "url": "https://vuldb.com/?id.215973", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215973" } ] } diff --git a/2022/4xxx/CVE-2022-4565.json b/2022/4xxx/CVE-2022-4565.json new file mode 100644 index 00000000000..c9bca831bbd --- /dev/null +++ b/2022/4xxx/CVE-2022-4565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4566.json b/2022/4xxx/CVE-2022-4566.json new file mode 100644 index 00000000000..cd2b4a1b13b --- /dev/null +++ b/2022/4xxx/CVE-2022-4566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file