From 6afbfea84cc572e292da09a3ed488e81063bd52d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Oct 2022 18:00:35 +0000 Subject: [PATCH 1/5] "-Synchronized-Data." --- 2013/4xxx/CVE-2013-4253.json | 63 ++++++++++++++++++++--- 2013/4xxx/CVE-2013-4281.json | 63 ++++++++++++++++++++--- 2017/2xxx/CVE-2017-2601.json | 5 ++ 2022/1xxx/CVE-2022-1414.json | 55 ++++++++++++++++++-- 2022/1xxx/CVE-2022-1523.json | 94 +++++++++++++++++++++++++++++++--- 2022/1xxx/CVE-2022-1738.json | 94 +++++++++++++++++++++++++++++++--- 2022/1xxx/CVE-2022-1970.json | 4 +- 2022/23xxx/CVE-2022-23241.json | 50 ++++++++++++++++-- 2022/2xxx/CVE-2022-2805.json | 55 ++++++++++++++++++-- 2022/3xxx/CVE-2022-3586.json | 55 ++++++++++++++++++-- 2022/40xxx/CVE-2022-40884.json | 61 +++++++++++++++++++--- 2022/40xxx/CVE-2022-40885.json | 61 +++++++++++++++++++--- 2022/42xxx/CVE-2022-42227.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43014.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43015.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43016.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43017.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43018.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43019.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43020.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43021.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43022.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43023.json | 56 +++++++++++++++++--- 2022/43xxx/CVE-2022-43408.json | 5 ++ 2022/43xxx/CVE-2022-43410.json | 5 ++ 2022/43xxx/CVE-2022-43415.json | 5 ++ 2022/43xxx/CVE-2022-43416.json | 5 ++ 2022/43xxx/CVE-2022-43417.json | 5 ++ 2022/43xxx/CVE-2022-43418.json | 5 ++ 2022/43xxx/CVE-2022-43419.json | 5 ++ 2022/43xxx/CVE-2022-43420.json | 5 ++ 2022/43xxx/CVE-2022-43422.json | 5 ++ 2022/43xxx/CVE-2022-43426.json | 5 ++ 2022/43xxx/CVE-2022-43427.json | 5 ++ 2022/43xxx/CVE-2022-43430.json | 5 ++ 2022/43xxx/CVE-2022-43434.json | 5 ++ 2022/43xxx/CVE-2022-43435.json | 5 ++ 37 files changed, 1228 insertions(+), 118 deletions(-) diff --git a/2013/4xxx/CVE-2013-4253.json b/2013/4xxx/CVE-2013-4253.json index fbb782ab511..6983d2ecdb3 100644 --- a/2013/4xxx/CVE-2013-4253.json +++ b/2013/4xxx/CVE-2013-4253.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-4253", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4253", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat Openshift", + "version": { + "version_data": [ + { + "version_value": "Red Hat Openshift 1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2014/06/05/19", + "url": "https://www.openwall.com/lists/oss-security/2014/06/05/19" + }, + { + "refsource": "MISC", + "name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", + "url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file." } ] } diff --git a/2013/4xxx/CVE-2013-4281.json b/2013/4xxx/CVE-2013-4281.json index 8282a9f9209..34f105fa09c 100644 --- a/2013/4xxx/CVE-2013-4281.json +++ b/2013/4xxx/CVE-2013-4281.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2013-4281", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4281", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat Openshift", + "version": { + "version_data": [ + { + "version_value": "Red Hat Openshift 1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2014/06/05/19", + "url": "https://www.openwall.com/lists/oss-security/2014/06/05/19" + }, + { + "refsource": "MISC", + "name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", + "url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file." } ] } diff --git a/2017/2xxx/CVE-2017-2601.json b/2017/2xxx/CVE-2017-2601.json index bf03f40b079..429ae5029d9 100644 --- a/2017/2xxx/CVE-2017-2601.json +++ b/2017/2xxx/CVE-2017-2601.json @@ -104,6 +104,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220630 Multiple vulnerabilities in Jenkins plugins", "url": "http://www.openwall.com/lists/oss-security/2022/06/30/3" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/1xxx/CVE-2022-1414.json b/2022/1xxx/CVE-2022-1414.json index 48a2746a6e6..134fc040132 100644 --- a/2022/1xxx/CVE-2022-1414.json +++ b/2022/1xxx/CVE-2022-1414.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "3scale-amp-system", + "version": { + "version_data": [ + { + "version_value": "3scale-amp-system as shipped in 3scale-AMP 2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1173" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-1414", + "url": "https://access.redhat.com/security/cve/CVE-2022-1414" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks." } ] } diff --git a/2022/1xxx/CVE-2022-1523.json b/2022/1xxx/CVE-2022-1523.json index 96017c83516..9490cb675ba 100644 --- a/2022/1xxx/CVE-2022-1523.json +++ b/2022/1xxx/CVE-2022-1523.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-08-30T16:13:00.000Z", "ID": "CVE-2022-1523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Fuji Electric D300win Write-what-where condition" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "D300win", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7.1.16", + "version_value": "3.7.1.17" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz from Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-123 Write-what-where Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Fuji Electric has fixed these vulnerabilities and recommends users upgrade to D300win v3.7.1.17 or later." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1738.json b/2022/1xxx/CVE-2022-1738.json index eee264e31ba..8b7b51e572b 100644 --- a/2022/1xxx/CVE-2022-1738.json +++ b/2022/1xxx/CVE-2022-1738.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-08-30T16:13:00.000Z", "ID": "CVE-2022-1738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Fuji Electric D300win Out-of-bounds Read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "D300win", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7.1.16", + "version_value": "3.7.1.17" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Uri Katz from Claroty reported these vulnerabilities to CISA." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05", + "refsource": "CONFIRM", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Fuji Electric has fixed these vulnerabilities and recommends users upgrade to D300win v3.7.1.17 or later." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1970.json b/2022/1xxx/CVE-2022-1970.json index 97bc949dcb3..b11a7ff9319 100644 --- a/2022/1xxx/CVE-2022-1970.json +++ b/2022/1xxx/CVE-2022-1970.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-1970", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/23xxx/CVE-2022-23241.json b/2022/23xxx/CVE-2022-23241.json index 93b4bd4fc0c..97be08a4c5d 100644 --- a/2022/23xxx/CVE-2022-23241.json +++ b/2022/23xxx/CVE-2022-23241.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23241", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "9.11.1 through 9.11.1P2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Data Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20221017-0001/", + "url": "https://security.netapp.com/advisory/ntap-20221017-0001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period." } ] } diff --git a/2022/2xxx/CVE-2022-2805.json b/2022/2xxx/CVE-2022-2805.json index 819fd48b175..49af5d0df0f 100644 --- a/2022/2xxx/CVE-2022-2805.json +++ b/2022/2xxx/CVE-2022-2805.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ovirt-engine", + "version": { + "version_data": [ + { + "version_value": "ovirt-engine 4.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2079545", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079545" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-2805", + "url": "https://access.redhat.com/security/cve/CVE-2022-2805" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss." } ] } diff --git a/2022/3xxx/CVE-2022-3586.json b/2022/3xxx/CVE-2022-3586.json index dce66c55a66..a353eb38fc3 100644 --- a/2022/3xxx/CVE-2022-3586.json +++ b/2022/3xxx/CVE-2022-3586.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Linux Kernel", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel v6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/9efd23297cca", + "url": "https://github.com/torvalds/linux/commit/9efd23297cca" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/upcoming/", + "url": "https://www.zerodayinitiative.com/advisories/upcoming/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service." } ] } diff --git a/2022/40xxx/CVE-2022-40884.json b/2022/40xxx/CVE-2022-40884.json index d217e6aa1ea..a80c77f185c 100644 --- a/2022/40xxx/CVE-2022-40884.json +++ b/2022/40xxx/CVE-2022-40884.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40884", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40884", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bento4 1.6.0 has memory leaks via the mp4fragment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/759", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/759" + }, + { + "refsource": "MISC", + "name": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md", + "url": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md" } ] } diff --git a/2022/40xxx/CVE-2022-40885.json b/2022/40xxx/CVE-2022-40885.json index bb271995cc3..c39fa9fdd26 100644 --- a/2022/40xxx/CVE-2022-40885.json +++ b/2022/40xxx/CVE-2022-40885.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40885", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40885", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/axiomatic-systems/Bento4/issues/761", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/761" + }, + { + "refsource": "MISC", + "name": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40885.md", + "url": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40885.md" } ] } diff --git a/2022/42xxx/CVE-2022-42227.json b/2022/42xxx/CVE-2022-42227.json index c707b2f8816..b2465dc9989 100644 --- a/2022/42xxx/CVE-2022-42227.json +++ b/2022/42xxx/CVE-2022-42227.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42227", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42227", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/p-ranav/jsonlint/issues/2", + "refsource": "MISC", + "name": "https://github.com/p-ranav/jsonlint/issues/2" } ] } diff --git a/2022/43xxx/CVE-2022-43014.json b/2022/43xxx/CVE-2022-43014.json index 61c12d8fd8f..1597b1690fd 100644 --- a/2022/43xxx/CVE-2022-43014.json +++ b/2022/43xxx/CVE-2022-43014.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43014", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43014", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md" } ] } diff --git a/2022/43xxx/CVE-2022-43015.json b/2022/43xxx/CVE-2022-43015.json index 6bac7db2aa9..f7c3a787d03 100644 --- a/2022/43xxx/CVE-2022-43015.json +++ b/2022/43xxx/CVE-2022-43015.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43015", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43015", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md" } ] } diff --git a/2022/43xxx/CVE-2022-43016.json b/2022/43xxx/CVE-2022-43016.json index 0386df084b5..710f265da45 100644 --- a/2022/43xxx/CVE-2022-43016.json +++ b/2022/43xxx/CVE-2022-43016.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43016", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43016", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_callback.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_callback.md" } ] } diff --git a/2022/43xxx/CVE-2022-43017.json b/2022/43xxx/CVE-2022-43017.json index 7f94f7f8341..1389d81de18 100644 --- a/2022/43xxx/CVE-2022-43017.json +++ b/2022/43xxx/CVE-2022-43017.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43017", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43017", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_indexFile.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_indexFile.md" } ] } diff --git a/2022/43xxx/CVE-2022-43018.json b/2022/43xxx/CVE-2022-43018.json index 6c2cdd1bfee..c0b5b5e493a 100644 --- a/2022/43xxx/CVE-2022-43018.json +++ b/2022/43xxx/CVE-2022-43018.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43018", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43018", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_checkEmail.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_checkEmail.md" } ] } diff --git a/2022/43xxx/CVE-2022-43019.json b/2022/43xxx/CVE-2022-43019.json index 18d0a6adbc1..551a4af0938 100644 --- a/2022/43xxx/CVE-2022-43019.json +++ b/2022/43xxx/CVE-2022-43019.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43019", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43019", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/RCE_via_deserialisation.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/RCE_via_deserialisation.md" } ] } diff --git a/2022/43xxx/CVE-2022-43020.json b/2022/43xxx/CVE-2022-43020.json index f72ecfe5a2b..ff2b7e02a61 100644 --- a/2022/43xxx/CVE-2022-43020.json +++ b/2022/43xxx/CVE-2022-43020.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43020", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43020", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_in_Tag_Updates.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_in_Tag_Updates.md" } ] } diff --git a/2022/43xxx/CVE-2022-43021.json b/2022/43xxx/CVE-2022-43021.json index 60192bbce45..3865c08ed02 100644 --- a/2022/43xxx/CVE-2022-43021.json +++ b/2022/43xxx/CVE-2022-43021.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43021", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43021", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_JobOrders.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_JobOrders.md" } ] } diff --git a/2022/43xxx/CVE-2022-43022.json b/2022/43xxx/CVE-2022-43022.json index 563c01c8843..cbf9d36bab9 100644 --- a/2022/43xxx/CVE-2022-43022.json +++ b/2022/43xxx/CVE-2022-43022.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43022", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43022", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_tag_deletion.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_tag_deletion.md" } ] } diff --git a/2022/43xxx/CVE-2022-43023.json b/2022/43xxx/CVE-2022-43023.json index 6d1724d6920..6194f43b650 100644 --- a/2022/43xxx/CVE-2022-43023.json +++ b/2022/43xxx/CVE-2022-43023.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43023", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43023", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_imports_errors.md", + "refsource": "MISC", + "name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_imports_errors.md" } ] } diff --git a/2022/43xxx/CVE-2022-43408.json b/2022/43xxx/CVE-2022-43408.json index 7e86088db54..755e9066be2 100644 --- a/2022/43xxx/CVE-2022-43408.json +++ b/2022/43xxx/CVE-2022-43408.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43410.json b/2022/43xxx/CVE-2022-43410.json index f16ba0069e8..f0aa2b0dfe2 100644 --- a/2022/43xxx/CVE-2022-43410.json +++ b/2022/43xxx/CVE-2022-43410.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43415.json b/2022/43xxx/CVE-2022-43415.json index 7e6d7331306..72828ec3c0b 100644 --- a/2022/43xxx/CVE-2022-43415.json +++ b/2022/43xxx/CVE-2022-43415.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43416.json b/2022/43xxx/CVE-2022-43416.json index 64724feb701..2b687d4ecee 100644 --- a/2022/43xxx/CVE-2022-43416.json +++ b/2022/43xxx/CVE-2022-43416.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43417.json b/2022/43xxx/CVE-2022-43417.json index edd8e5c4f21..e4018056be7 100644 --- a/2022/43xxx/CVE-2022-43417.json +++ b/2022/43xxx/CVE-2022-43417.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43418.json b/2022/43xxx/CVE-2022-43418.json index 6954fae6f71..b87ca945535 100644 --- a/2022/43xxx/CVE-2022-43418.json +++ b/2022/43xxx/CVE-2022-43418.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43419.json b/2022/43xxx/CVE-2022-43419.json index 21ddc0b07c5..e621e92c506 100644 --- a/2022/43xxx/CVE-2022-43419.json +++ b/2022/43xxx/CVE-2022-43419.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43420.json b/2022/43xxx/CVE-2022-43420.json index c06a54aa3e1..9c4d84a5739 100644 --- a/2022/43xxx/CVE-2022-43420.json +++ b/2022/43xxx/CVE-2022-43420.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43422.json b/2022/43xxx/CVE-2022-43422.json index 455aace072b..0a9ef23618e 100644 --- a/2022/43xxx/CVE-2022-43422.json +++ b/2022/43xxx/CVE-2022-43422.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43426.json b/2022/43xxx/CVE-2022-43426.json index d9933a44566..6fe3ae9c48f 100644 --- a/2022/43xxx/CVE-2022-43426.json +++ b/2022/43xxx/CVE-2022-43426.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43427.json b/2022/43xxx/CVE-2022-43427.json index c3fb5299fa5..48bd7c92742 100644 --- a/2022/43xxx/CVE-2022-43427.json +++ b/2022/43xxx/CVE-2022-43427.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43430.json b/2022/43xxx/CVE-2022-43430.json index f55cb1f2b22..316095d07b1 100644 --- a/2022/43xxx/CVE-2022-43430.json +++ b/2022/43xxx/CVE-2022-43430.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43434.json b/2022/43xxx/CVE-2022-43434.json index 5b8ba0c9005..d4942228941 100644 --- a/2022/43xxx/CVE-2022-43434.json +++ b/2022/43xxx/CVE-2022-43434.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43435.json b/2022/43xxx/CVE-2022-43435.json index ea93d2adfa5..73bc9672ad7 100644 --- a/2022/43xxx/CVE-2022-43435.json +++ b/2022/43xxx/CVE-2022-43435.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } From a5ff4079b77de205677f6a5861122457a2388fec Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Oct 2022 19:00:37 +0000 Subject: [PATCH 2/5] "-Synchronized-Data." --- 2022/37xxx/CVE-2022-37767.json | 7 ++++- 2022/41xxx/CVE-2022-41708.json | 55 +++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43024.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43025.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43026.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43027.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43028.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43029.json | 56 ++++++++++++++++++++++++++++++---- 2022/43xxx/CVE-2022-43401.json | 5 +++ 2022/43xxx/CVE-2022-43403.json | 5 +++ 2022/43xxx/CVE-2022-43404.json | 5 +++ 2022/43xxx/CVE-2022-43405.json | 5 +++ 2022/43xxx/CVE-2022-43406.json | 5 +++ 2022/43xxx/CVE-2022-43409.json | 5 +++ 2022/43xxx/CVE-2022-43411.json | 5 +++ 2022/43xxx/CVE-2022-43412.json | 5 +++ 2022/43xxx/CVE-2022-43413.json | 5 +++ 2022/43xxx/CVE-2022-43421.json | 5 +++ 2022/43xxx/CVE-2022-43423.json | 5 +++ 2022/43xxx/CVE-2022-43424.json | 5 +++ 2022/43xxx/CVE-2022-43425.json | 5 +++ 2022/43xxx/CVE-2022-43429.json | 5 +++ 2022/43xxx/CVE-2022-43431.json | 5 +++ 23 files changed, 433 insertions(+), 40 deletions(-) diff --git a/2022/37xxx/CVE-2022-37767.json b/2022/37xxx/CVE-2022-37767.json index 3c0618d6720..3288d936914 100644 --- a/2022/37xxx/CVE-2022-37767.json +++ b/2022/37xxx/CVE-2022-37767.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok" + "value": "** DISPUTED ** Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input." } ] }, @@ -56,6 +56,11 @@ "url": "https://github.com/Y4tacker/Web-Security/issues/3", "refsource": "MISC", "name": "https://github.com/Y4tacker/Web-Security/issues/3" + }, + { + "refsource": "MISC", + "name": "https://github.com/PebbleTemplates/pebble/issues/625#issuecomment-1282138635", + "url": "https://github.com/PebbleTemplates/pebble/issues/625#issuecomment-1282138635" } ] } diff --git a/2022/41xxx/CVE-2022-41708.json b/2022/41xxx/CVE-2022-41708.json index efa176cc2e4..187367d88bf 100644 --- a/2022/41xxx/CVE-2022-41708.json +++ b/2022/41xxx/CVE-2022-41708.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "relatedcode/Messenger", + "version": { + "version_data": [ + { + "version_value": "7bcd20b" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization control for web services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/relatedcode/Messenger", + "url": "https://github.com/relatedcode/Messenger" + }, + { + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/tiesto/", + "url": "https://fluidattacks.com/advisories/tiesto/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly." } ] } diff --git a/2022/43xxx/CVE-2022-43024.json b/2022/43xxx/CVE-2022-43024.json index b1d8a85ee80..aec7dacec58 100644 --- a/2022/43xxx/CVE-2022-43024.json +++ b/2022/43xxx/CVE-2022-43024.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43024", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43024", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-6.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-6.md" } ] } diff --git a/2022/43xxx/CVE-2022-43025.json b/2022/43xxx/CVE-2022-43025.json index 6e7487e18b6..cc8bb62ac09 100644 --- a/2022/43xxx/CVE-2022-43025.json +++ b/2022/43xxx/CVE-2022-43025.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43025", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43025", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-1.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-1.md" } ] } diff --git a/2022/43xxx/CVE-2022-43026.json b/2022/43xxx/CVE-2022-43026.json index 0dec532f1ce..a7d8874bfdc 100644 --- a/2022/43xxx/CVE-2022-43026.json +++ b/2022/43xxx/CVE-2022-43026.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43026", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43026", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-2.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-2.md" } ] } diff --git a/2022/43xxx/CVE-2022-43027.json b/2022/43xxx/CVE-2022-43027.json index 9ec910d8f12..2f36a51e747 100644 --- a/2022/43xxx/CVE-2022-43027.json +++ b/2022/43xxx/CVE-2022-43027.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43027", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43027", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-5.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-5.md" } ] } diff --git a/2022/43xxx/CVE-2022-43028.json b/2022/43xxx/CVE-2022-43028.json index 90312eb6e41..a7bfbe19ad4 100644 --- a/2022/43xxx/CVE-2022-43028.json +++ b/2022/43xxx/CVE-2022-43028.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43028", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43028", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-3.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-3.md" } ] } diff --git a/2022/43xxx/CVE-2022-43029.json b/2022/43xxx/CVE-2022-43029.json index 05c88adb655..b3fd5e8260c 100644 --- a/2022/43xxx/CVE-2022-43029.json +++ b/2022/43xxx/CVE-2022-43029.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43029", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43029", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-4.md", + "refsource": "MISC", + "name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-4.md" } ] } diff --git a/2022/43xxx/CVE-2022-43401.json b/2022/43xxx/CVE-2022-43401.json index 309fd32cc4d..5cbed6a71db 100644 --- a/2022/43xxx/CVE-2022-43401.json +++ b/2022/43xxx/CVE-2022-43401.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43403.json b/2022/43xxx/CVE-2022-43403.json index 76e7f092f31..ff9d79dfd0f 100644 --- a/2022/43xxx/CVE-2022-43403.json +++ b/2022/43xxx/CVE-2022-43403.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43404.json b/2022/43xxx/CVE-2022-43404.json index 67eb11c1a77..f1714364511 100644 --- a/2022/43xxx/CVE-2022-43404.json +++ b/2022/43xxx/CVE-2022-43404.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43405.json b/2022/43xxx/CVE-2022-43405.json index 0af8217eaf2..c9271c195f8 100644 --- a/2022/43xxx/CVE-2022-43405.json +++ b/2022/43xxx/CVE-2022-43405.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43406.json b/2022/43xxx/CVE-2022-43406.json index 0d1881cc769..2b6ceb1e08a 100644 --- a/2022/43xxx/CVE-2022-43406.json +++ b/2022/43xxx/CVE-2022-43406.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43409.json b/2022/43xxx/CVE-2022-43409.json index 69f840b3736..9db0297a9cd 100644 --- a/2022/43xxx/CVE-2022-43409.json +++ b/2022/43xxx/CVE-2022-43409.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43411.json b/2022/43xxx/CVE-2022-43411.json index 8624d25743c..1020830876a 100644 --- a/2022/43xxx/CVE-2022-43411.json +++ b/2022/43xxx/CVE-2022-43411.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43412.json b/2022/43xxx/CVE-2022-43412.json index 6a38daae80a..66d92e40689 100644 --- a/2022/43xxx/CVE-2022-43412.json +++ b/2022/43xxx/CVE-2022-43412.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43413.json b/2022/43xxx/CVE-2022-43413.json index 96238d5b9ef..97f73c145f4 100644 --- a/2022/43xxx/CVE-2022-43413.json +++ b/2022/43xxx/CVE-2022-43413.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43421.json b/2022/43xxx/CVE-2022-43421.json index 03c3e7e37a1..de939d93fcf 100644 --- a/2022/43xxx/CVE-2022-43421.json +++ b/2022/43xxx/CVE-2022-43421.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43423.json b/2022/43xxx/CVE-2022-43423.json index 25597dcb00b..14cfdc09e26 100644 --- a/2022/43xxx/CVE-2022-43423.json +++ b/2022/43xxx/CVE-2022-43423.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43424.json b/2022/43xxx/CVE-2022-43424.json index 06760a9039c..377797f805c 100644 --- a/2022/43xxx/CVE-2022-43424.json +++ b/2022/43xxx/CVE-2022-43424.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43425.json b/2022/43xxx/CVE-2022-43425.json index e22896908bc..41222fb51e8 100644 --- a/2022/43xxx/CVE-2022-43425.json +++ b/2022/43xxx/CVE-2022-43425.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43429.json b/2022/43xxx/CVE-2022-43429.json index 5efaa4806a7..e56d70f5444 100644 --- a/2022/43xxx/CVE-2022-43429.json +++ b/2022/43xxx/CVE-2022-43429.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43431.json b/2022/43xxx/CVE-2022-43431.json index fd8b81c0f30..73d4855d79b 100644 --- a/2022/43xxx/CVE-2022-43431.json +++ b/2022/43xxx/CVE-2022-43431.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } From 5f311aaf0232e611726709e89ef9e42b829ad971 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Oct 2022 20:00:35 +0000 Subject: [PATCH 3/5] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3611.json | 18 ++++++++++++++++++ 2022/43xxx/CVE-2022-43402.json | 5 +++++ 2022/43xxx/CVE-2022-43407.json | 5 +++++ 2022/43xxx/CVE-2022-43414.json | 5 +++++ 2022/43xxx/CVE-2022-43428.json | 5 +++++ 2022/43xxx/CVE-2022-43432.json | 5 +++++ 2022/43xxx/CVE-2022-43433.json | 5 +++++ 2022/43xxx/CVE-2022-43515.json | 18 ++++++++++++++++++ 2022/43xxx/CVE-2022-43516.json | 18 ++++++++++++++++++ 9 files changed, 84 insertions(+) create mode 100644 2022/3xxx/CVE-2022-3611.json create mode 100644 2022/43xxx/CVE-2022-43515.json create mode 100644 2022/43xxx/CVE-2022-43516.json diff --git a/2022/3xxx/CVE-2022-3611.json b/2022/3xxx/CVE-2022-3611.json new file mode 100644 index 00000000000..0afac152d5b --- /dev/null +++ b/2022/3xxx/CVE-2022-3611.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3611", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43402.json b/2022/43xxx/CVE-2022-43402.json index cd485621d11..4f52a355471 100644 --- a/2022/43xxx/CVE-2022-43402.json +++ b/2022/43xxx/CVE-2022-43402.json @@ -65,6 +65,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43407.json b/2022/43xxx/CVE-2022-43407.json index c90e37514c6..9a08838a83e 100644 --- a/2022/43xxx/CVE-2022-43407.json +++ b/2022/43xxx/CVE-2022-43407.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43414.json b/2022/43xxx/CVE-2022-43414.json index c6b8193747d..8701439894d 100644 --- a/2022/43xxx/CVE-2022-43414.json +++ b/2022/43xxx/CVE-2022-43414.json @@ -57,6 +57,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43428.json b/2022/43xxx/CVE-2022-43428.json index 4e5506346fd..27fec7ca8ac 100644 --- a/2022/43xxx/CVE-2022-43428.json +++ b/2022/43xxx/CVE-2022-43428.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43432.json b/2022/43xxx/CVE-2022-43432.json index 88cc21851dc..41c1c2176ca 100644 --- a/2022/43xxx/CVE-2022-43432.json +++ b/2022/43xxx/CVE-2022-43432.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43433.json b/2022/43xxx/CVE-2022-43433.json index 39717fe1ae7..4ea4dcaf2b9 100644 --- a/2022/43xxx/CVE-2022-43433.json +++ b/2022/43xxx/CVE-2022-43433.json @@ -61,6 +61,11 @@ "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3" } ] } diff --git a/2022/43xxx/CVE-2022-43515.json b/2022/43xxx/CVE-2022-43515.json new file mode 100644 index 00000000000..cc6c7dcdb26 --- /dev/null +++ b/2022/43xxx/CVE-2022-43515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43516.json b/2022/43xxx/CVE-2022-43516.json new file mode 100644 index 00000000000..adad2bce430 --- /dev/null +++ b/2022/43xxx/CVE-2022-43516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From f5eb5d52eef44be8c86db53bdb6b6cedfb250561 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Oct 2022 21:00:37 +0000 Subject: [PATCH 4/5] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20424.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2022/20xxx/CVE-2022-20424.json b/2022/20xxx/CVE-2022-20424.json index 6545289e284..1b44c60f9ec 100644 --- a/2022/20xxx/CVE-2022-20424.json +++ b/2022/20xxx/CVE-2022-20424.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-20424", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } From 47262bbe574ec872137583aeff3d0e2a29367a87 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 Oct 2022 22:00:33 +0000 Subject: [PATCH 5/5] "-Synchronized-Data." --- 2021/46xxx/CVE-2021-46846.json | 18 +++++ 2022/31xxx/CVE-2022-31684.json | 50 +++++++++++- 2022/36xxx/CVE-2022-36795.json | 108 +++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38107.json | 92 ++++++++++++++++++++-- 2022/41xxx/CVE-2022-41617.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41624.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41691.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41694.json | 125 +++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41741.json | 124 +++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41742.json | 124 +++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41743.json | 90 +++++++++++++++++++-- 2022/41xxx/CVE-2022-41770.json | 125 +++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41780.json | 100 +++++++++++++++++++++-- 2022/41xxx/CVE-2022-41787.json | 140 +++++++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41806.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41813.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41832.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41833.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41835.json | 100 +++++++++++++++++++++-- 2022/41xxx/CVE-2022-41836.json | 108 +++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41983.json | 108 +++++++++++++++++++++++-- 21 files changed, 2051 insertions(+), 117 deletions(-) create mode 100644 2021/46xxx/CVE-2021-46846.json diff --git a/2021/46xxx/CVE-2021-46846.json b/2021/46xxx/CVE-2021-46846.json new file mode 100644 index 00000000000..a0b722d43a8 --- /dev/null +++ b/2021/46xxx/CVE-2021-46846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31684.json b/2022/31xxx/CVE-2022-31684.json index 1061f682ae5..b8b295a5844 100644 --- a/2022/31xxx/CVE-2022-31684.json +++ b/2022/31xxx/CVE-2022-31684.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reactor Netty", + "version": { + "version_data": [ + { + "version_value": "Reactor Netty 1.0.11 to 1.0.23" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Server may log request headers" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2022-31684", + "url": "https://tanzu.vmware.com/security/cve-2022-31684" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled." } ] } diff --git a/2022/36xxx/CVE-2022-36795.json b/2022/36xxx/CVE-2022-36795.json index fe5504d1da3..fac51b4ed56 100644 --- a/2022/36xxx/CVE-2022-36795.json +++ b/2022/36xxx/CVE-2022-36795.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-36795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP software SYN cookies vulnerability CVE-2022-36795" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.7" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": "!>=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-682 Incorrect Calculation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K52494562", + "name": "https://support.f5.com/csp/article/K52494562" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38107.json b/2022/38xxx/CVE-2022-38107.json index 5e64e320adb..a8c8e68eb76 100644 --- a/2022/38xxx/CVE-2022-38107.json +++ b/2022/38xxx/CVE-2022-38107.json @@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@solarwinds.com", + "DATE_PUBLIC": "2022-10-18T09:41:00.000Z", "ID": "CVE-2022-38107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Sensitive Data Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SQL Sentry", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2021.18.10 and previous versions" + } + ] + } + } + ] + }, + "vendor_name": "SolarWinds" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Information Exposure Through an Error Message" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107" + }, + { + "refsource": "MISC", + "url": "https://docs.sentryone.com/help/sentryone-platform-release-notes", + "name": "https://docs.sentryone.com/help/sentryone-platform-release-notes" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "SolarWinds recommends customers upgrade to SQL Sentry version 2022.4 as soon as possible." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41617.json b/2022/41xxx/CVE-2022-41617.json index e9763fd4569..4e6f0b7f2b8 100644 --- a/2022/41xxx/CVE-2022-41617.json +++ b/2022/41xxx/CVE-2022-41617.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP Advanced WAF & ASM", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": "<", + "version_name": "13.1.x", + "version_value": "13.1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K11830089", + "name": "https://support.f5.com/csp/article/K11830089" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41624.json b/2022/41xxx/CVE-2022-41624.json index 9b925b73517..36b5a8609aa 100644 --- a/2022/41xxx/CVE-2022-41624.json +++ b/2022/41xxx/CVE-2022-41624.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP iRules vulnerability CVE-2022-41624" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.2" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.7" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.2" + }, + { + "version_affected": "<", + "version_name": "13.1.x", + "version_value": "13.1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401 Missing Release of Memory after Effective Lifetime" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K43024307", + "name": "https://support.f5.com/csp/article/K43024307" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41691.json b/2022/41xxx/CVE-2022-41691.json index 05863d31d74..fb79e537940 100644 --- a/2022/41xxx/CVE-2022-41691.json +++ b/2022/41xxx/CVE-2022-41691.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP Advanced WAF & ASM", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "!<=", + "version_name": "16.1.x", + "version_value": "16.1.0" + }, + { + "version_affected": "!>=", + "version_name": "15.1.x", + "version_value": "15.1.0" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.2" + }, + { + "version_affected": "!>=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-763 Release of Invalid Pointer or Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K02694732", + "name": "https://support.f5.com/csp/article/K02694732" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41694.json b/2022/41xxx/CVE-2022-41694.json index 94ef5ebc6b4..75949293a84 100644 --- a/2022/41xxx/CVE-2022-41694.json +++ b/2022/41xxx/CVE-2022-41694.json @@ -1,18 +1,131 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5" + }, + { + "version_affected": ">=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + }, + { + "product_name": "BIG-IQ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.x", + "version_value": "8.2.0.1" + }, + { + "version_affected": ">=", + "version_name": "7.1.x", + "version_value": "7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K64829234", + "name": "https://support.f5.com/csp/article/K64829234" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41741.json b/2022/41xxx/CVE-2022-41741.json index 2a2c564187c..7a0a01301ef 100644 --- a/2022/41xxx/CVE-2022-41741.json +++ b/2022/41xxx/CVE-2022-41741.json @@ -1,18 +1,130 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41741" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NGINX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Mainline", + "version_value": "1.23.2" + }, + { + "version_affected": "<", + "version_name": "Stable", + "version_value": "1.22.1" + } + ] + } + }, + { + "product_name": "NGINX Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R27", + "version_value": "R27-p1" + }, + { + "version_affected": "<", + "version_name": "R1", + "version_value": "R26-p1" + } + ] + } + }, + { + "product_name": "NGINX Open Source Subscription", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R2", + "version_value": "R2 P1" + }, + { + "version_affected": "<", + "version_name": "R1", + "version_value": "R1 P1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K81926432", + "name": "https://support.f5.com/csp/article/K81926432" + } + ] + }, + "source": { + "defect": [ + "NWA-1396" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41742.json b/2022/41xxx/CVE-2022-41742.json index d69f9d43716..94c4a7a9e24 100644 --- a/2022/41xxx/CVE-2022-41742.json +++ b/2022/41xxx/CVE-2022-41742.json @@ -1,18 +1,130 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41742" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NGINX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Mainline", + "version_value": "1.23.2" + }, + { + "version_affected": "<", + "version_name": "Stable", + "version_value": "1.22.1" + } + ] + } + }, + { + "product_name": "NGINX Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R27", + "version_value": "R27-p1" + }, + { + "version_affected": "<", + "version_name": "R1", + "version_value": "R26-p1 " + } + ] + } + }, + { + "product_name": "NGINX Open Source Subscription", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R2", + "version_value": "R2 P1" + }, + { + "version_affected": "<", + "version_name": "R1", + "version_value": "R1 P1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K28112382", + "name": "https://support.f5.com/csp/article/K28112382" + } + ] + }, + "source": { + "defect": [ + "NWA-1396" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41743.json b/2022/41xxx/CVE-2022-41743.json index b4b93e7e0fe..4fdbb72f5b7 100644 --- a/2022/41xxx/CVE-2022-41743.json +++ b/2022/41xxx/CVE-2022-41743.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NGINX ngx_http_hls_module vulnerability CVE-2022-41743" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NGINX Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R27", + "version_value": "R27-p1" + }, + { + "version_affected": "<", + "version_name": "R1", + "version_value": "R26-p1 " + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K01112063", + "name": "https://support.f5.com/csp/article/K01112063" + } + ] + }, + "source": { + "defect": [ + "NWA-1396" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41770.json b/2022/41xxx/CVE-2022-41770.json index 60d5e111cc5..7aab58123ee 100644 --- a/2022/41xxx/CVE-2022-41770.json +++ b/2022/41xxx/CVE-2022-41770.json @@ -1,18 +1,131 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.7" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": ">=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + }, + { + "product_name": "BIG-IQ", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "8.x", + "version_value": "8.0.0" + }, + { + "version_affected": ">=", + "version_name": "7.1.x", + "version_value": "7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K22505850", + "name": "https://support.f5.com/csp/article/K22505850" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41780.json b/2022/41xxx/CVE-2022-41780.json index cabf593bf40..921b653e3bd 100644 --- a/2022/41xxx/CVE-2022-41780.json +++ b/2022/41xxx/CVE-2022-41780.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "F5OS CLI vulnerability CVE-2022-41780" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5OS-A", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.x", + "version_value": "1.1.0" + } + ] + } + }, + { + "product_name": "F5OS-C", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.x", + "version_value": "1.4.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K81701735", + "name": "https://support.f5.com/csp/article/K81701735" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41787.json b/2022/41xxx/CVE-2022-41787.json index ba22d8eb61a..69d145581aa 100644 --- a/2022/41xxx/CVE-2022-41787.json +++ b/2022/41xxx/CVE-2022-41787.json @@ -1,18 +1,146 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP DNS Express vulnerability CVE-2022-41787" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP DNS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": "<", + "version_name": "13.1.x", + "version_value": "13.1.5.1" + } + ] + } + }, + { + "product_name": "BIG-IP LTM", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": "<", + "version_name": "13.1.x", + "version_value": "13.1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K70569537", + "name": "https://support.f5.com/csp/article/K70569537" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41806.json b/2022/41xxx/CVE-2022-41806.json index 92c7107b961..a05d300d211 100644 --- a/2022/41xxx/CVE-2022-41806.json +++ b/2022/41xxx/CVE-2022-41806.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP AFM", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.2" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.5.1" + }, + { + "version_affected": "!>=", + "version_name": "14.1.x", + "version_value": "14.1.0" + }, + { + "version_affected": "!>=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K00721320", + "name": "https://support.f5.com/csp/article/K00721320" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41813.json b/2022/41xxx/CVE-2022-41813.json index 6f06697ea42..1787b1144bd 100644 --- a/2022/41xxx/CVE-2022-41813.json +++ b/2022/41xxx/CVE-2022-41813.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP AFM & PEM", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5" + }, + { + "version_affected": ">=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K93723284", + "name": "https://support.f5.com/csp/article/K93723284" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41832.json b/2022/41xxx/CVE-2022-41832.json index a6b40c55451..2aa5b292195 100644 --- a/2022/41xxx/CVE-2022-41832.json +++ b/2022/41xxx/CVE-2022-41832.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP SIP vulnerability CVE-2022-41832" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.6.1" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": "<", + "version_name": "13.1.x", + "version_value": "13.1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401 Missing Release of Memory after Effective Lifetime" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K10347453", + "name": "https://support.f5.com/csp/article/K10347453" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41833.json b/2022/41xxx/CVE-2022-41833.json index a2342ec3e8d..72f86f46665 100644 --- a/2022/41xxx/CVE-2022-41833.json +++ b/2022/41xxx/CVE-2022-41833.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP iRule vulnerability CVE-2022-41833" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "!<=", + "version_name": "16.1.x", + "version_value": "16.1.0" + }, + { + "version_affected": "!>=", + "version_name": "15.1.x", + "version_value": "15.1.0" + }, + { + "version_affected": "!>=", + "version_name": "14.1.x", + "version_value": "14.1.0" + }, + { + "version_affected": ">=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K69940053", + "name": "https://support.f5.com/csp/article/K69940053" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41835.json b/2022/41xxx/CVE-2022-41835.json index 6c75c81024b..67d909fc1c2 100644 --- a/2022/41xxx/CVE-2022-41835.json +++ b/2022/41xxx/CVE-2022-41835.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "F5OS vulnerability CVE-2022-41835" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5OS-A", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.x", + "version_value": "1.1.0" + } + ] + } + }, + { + "product_name": "F5OS-C", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.x", + "version_value": "1.5.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K33484483", + "name": "https://support.f5.com/csp/article/K33484483" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41836.json b/2022/41xxx/CVE-2022-41836.json index f7b50a630da..f7ae846dc9e 100644 --- a/2022/41xxx/CVE-2022-41836.json +++ b/2022/41xxx/CVE-2022-41836.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP Advanced WAF & ASM", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.0.x", + "version_value": "17.0.0.1" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.7" + }, + { + "version_affected": "!>=", + "version_name": "14.1.x", + "version_value": "14.1.0" + }, + { + "version_affected": "!>=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K47204506", + "name": "https://support.f5.com/csp/article/K47204506" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41983.json b/2022/41xxx/CVE-2022-41983.json index d2a50b76f0a..71ab819b052 100644 --- a/2022/41xxx/CVE-2022-41983.json +++ b/2022/41xxx/CVE-2022-41983.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2022-10-19T14:00:00.000Z", "ID": "CVE-2022-41983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "BIG-IP TMM Vulnerability CVE-2022-41983" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_name": "17.0.x", + "version_value": "17.0.0" + }, + { + "version_affected": "<", + "version_name": "16.1.x", + "version_value": "16.1.3.1" + }, + { + "version_affected": "<", + "version_name": "15.1.x", + "version_value": "15.1.7" + }, + { + "version_affected": "<", + "version_name": "14.1.x", + "version_value": "14.1.5.1" + }, + { + "version_affected": ">=", + "version_name": "13.1.x", + "version_value": "13.1.0" + } + ] + } + } + ] + }, + "vendor_name": "F5" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered internally by F5." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.f5.com/csp/article/K31523465", + "name": "https://support.f5.com/csp/article/K31523465" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file