From c79e4b57f7952169b23ccca4e326090fd79f06b7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 26 Sep 2022 02:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/18xxx/CVE-2018-18897.json | 5 +++
 2018/19xxx/CVE-2018-19058.json | 5 +++
 2018/20xxx/CVE-2018-20650.json | 5 +++
 2019/14xxx/CVE-2019-14494.json | 5 +++
 2019/9xxx/CVE-2019-9903.json | 5 +++
 2019/9xxx/CVE-2019-9959.json | 5 +++
 2020/27xxx/CVE-2020-27778.json | 5 +++
 2022/27xxx/CVE-2022-27337.json | 5 +++
 2022/35xxx/CVE-2022-35951.json | 5 +++
 2022/38xxx/CVE-2022-38784.json | 5 +++
 2022/41xxx/CVE-2022-41347.json | 77 ++++++++++++++++++++++++++++++++++
 2022/41xxx/CVE-2022-41348.json | 18 ++++++++
 2022/41xxx/CVE-2022-41349.json | 18 ++++++++
 2022/41xxx/CVE-2022-41350.json | 18 ++++++++
 2022/41xxx/CVE-2022-41351.json | 18 ++++++++
 2022/41xxx/CVE-2022-41352.json | 72 +++++++++++++++++++++++++++++++
 16 files changed, 271 insertions(+)
 create mode 100644 2022/41xxx/CVE-2022-41347.json
 create mode 100644 2022/41xxx/CVE-2022-41348.json
 create mode 100644 2022/41xxx/CVE-2022-41349.json
 create mode 100644 2022/41xxx/CVE-2022-41350.json
 create mode 100644 2022/41xxx/CVE-2022-41351.json
 create mode 100644 2022/41xxx/CVE-2022-41352.json
diff --git a/2018/18xxx/CVE-2018-18897.json b/2018/18xxx/CVE-2018-18897.json
index f85fe0c2b69..8b1ec38853d 100644
--- a/2018/18xxx/CVE-2018-18897.json
+++ b/2018/18xxx/CVE-2018-18897.json
@@ -71,6 +71,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2713",
 "url": "https://access.redhat.com/errata/RHSA-2019:2713"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19058.json b/2018/19xxx/CVE-2018-19058.json
index 5ce50adab08..5ea27e10e79 100644
--- a/2018/19xxx/CVE-2018-19058.json
+++ b/2018/19xxx/CVE-2018-19058.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20650.json b/2018/20xxx/CVE-2018-20650.json
index 50904767ac1..8c92c4089b2 100644
--- a/2018/20xxx/CVE-2018-20650.json
+++ b/2018/20xxx/CVE-2018-20650.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14494.json b/2019/14xxx/CVE-2019-14494.json
index 999c2519fa9..7b59b9348a3 100644
--- a/2019/14xxx/CVE-2019-14494.json
+++ b/2019/14xxx/CVE-2019-14494.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9903.json b/2019/9xxx/CVE-2019-9903.json
index 765f80eaa7a..e1da87668ba 100644
--- a/2019/9xxx/CVE-2019-9903.json
+++ b/2019/9xxx/CVE-2019-9903.json
@@ -91,6 +91,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2713",
 "url": "https://access.redhat.com/errata/RHSA-2019:2713"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9959.json b/2019/9xxx/CVE-2019-9959.json
index 0a70ea7d189..3ec2b9047dd 100644
--- a/2019/9xxx/CVE-2019-9959.json
+++ b/2019/9xxx/CVE-2019-9959.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201108 [SECURITY] [DLA 2440-1] poppler security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27778.json b/2020/27xxx/CVE-2020-27778.json
index 9a81db68551..53a31c9a767 100644
--- a/2020/27xxx/CVE-2020-27778.json
+++ b/2020/27xxx/CVE-2020-27778.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 },
diff --git a/2022/27xxx/CVE-2022-27337.json b/2022/27xxx/CVE-2022-27337.json
index 9529b998829..50849c35680 100644
--- a/2022/27xxx/CVE-2022-27337.json
+++ b/2022/27xxx/CVE-2022-27337.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5224",
 "url": "https://www.debian.org/security/2022/dsa-5224"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 }
diff --git a/2022/35xxx/CVE-2022-35951.json b/2022/35xxx/CVE-2022-35951.json
index cdbac155768..96d33c64b56 100644
--- a/2022/35xxx/CVE-2022-35951.json
+++ b/2022/35xxx/CVE-2022-35951.json
@@ -73,6 +73,11 @@
 "name": "https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9",
 "refsource": "CONFIRM",
 "url": "https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2022-de7b3ceca6",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/"
 }
 ]
 },
diff --git a/2022/38xxx/CVE-2022-38784.json b/2022/38xxx/CVE-2022-38784.json
index 9cfedb90eb4..65974e68949 100644
--- a/2022/38xxx/CVE-2022-38784.json
+++ b/2022/38xxx/CVE-2022-38784.json
@@ -100,6 +100,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2022-51b27699ce",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html"
 }
 ]
 },
diff --git a/2022/41xxx/CVE-2022-41347.json b/2022/41xxx/CVE-2022-41347.json
new file mode 100644
index 00000000000..cd4465c2c7d
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41347.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2022-41347",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Security_Center",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Security_Center"
+ },
+ {
+ "url": "https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/",
+ "refsource": "MISC",
+ "name": "https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/"
+ },
+ {
+ "url": "https://github.com/darrenmartyn/zimbra-hinginx",
+ "refsource": "MISC",
+ "name": "https://github.com/darrenmartyn/zimbra-hinginx"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41348.json b/2022/41xxx/CVE-2022-41348.json
new file mode 100644
index 00000000000..d15c38e84bb
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41348.json
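Review bot: In the new CVE-2022-41347.json record the `affects` block carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names Zimbra Collaboration (ZCS) 8.8.x and 9.x, so consumers that match on the structured vendor and product fields will not tie this entry to Zimbra hosts. The `problemtype` value is also `"n/a"`; the description (a sudo rule letting the zimbra user run NGINX as root with arbitrary parameters) reads like a privilege-management weakness, and a CWE identifier chosen by the assigner would let tooling classify it. The CVE-2022-41352.json hunk later in this patch has the same placeholders. Values that could be lifted straight from the description text are `"vendor_name": "Zimbra"`, `"product_name": "Zimbra Collaboration (ZCS)"` and `"version_value": "8.8.x and 9.x"`, subject to the assigner's naming conventions.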
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41348",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41349.json b/2022/41xxx/CVE-2022-41349.json
new file mode 100644
index 00000000000..d420ded3bfd
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41349.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41349",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41350.json b/2022/41xxx/CVE-2022-41350.json
new file mode 100644
index 00000000000..59cb4aa21e8
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41350.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41350",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41351.json b/2022/41xxx/CVE-2022-41351.json
new file mode 100644
index 00000000000..a6d4414b729
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41351.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-41351",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/41xxx/CVE-2022-41352.json b/2022/41xxx/CVE-2022-41352.json
new file mode 100644
index 00000000000..8122c0b985b
--- /dev/null
+++ b/2022/41xxx/CVE-2022-41352.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2022-41352",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
+ },
+ {
+ "url": "https://wiki.zimbra.com/wiki/Security_Center",
+ "refsource": "MISC",
+ "name": "https://wiki.zimbra.com/wiki/Security_Center"
+ },
+ {
+ "url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532",
+ "refsource": "MISC",
+ "name": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532"
+ }
+ ]
+ }
+}
\ No newline at end of file
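Review bot: The `reference_data` entries in CVE-2022-41352.json are two wiki pages that look like general security indexes plus a forum thread, all tagged `MISC`, so nothing in the record points to a versioned vendor advisory or a fixed release; the CVE-2022-41347.json record has the same gap. The only remediation a consumer can act on is the free-text sentence about installing pax so that amavisd prefers it over cpio. Going by that description, the hosts to inventory are ZCS 8.8.15 and 9.0 installs on Red Hat or CentOS releases after 6 where pax is absent, since amavisd would presumably still be using cpio there. Once a vendor advisory exists it should be added as its own entry, for example `{ "refsource": "CONFIRM", "name": "<vendor advisory URL>", "url": "<vendor advisory URL>" }` (placeholder values, not a real link).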