admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
JamesMihm 2022-10-19 15:50:09 -07:00
commit c95923e398
91 changed files with 3798 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2013/4xxx/CVE-2013-4253.json
View File

@ -1,17 +1,66 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-4253",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Openshift",
"version": {
"version_data": [
{
"version_value": "Red Hat Openshift 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2014/06/05/19",
"url": "https://www.openwall.com/lists/oss-security/2014/06/05/19"
},
{
"refsource": "MISC",
"name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
"url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file."
} }
] ]
} }

63
2013/4xxx/CVE-2013-4281.json
View File

@ -1,17 +1,66 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4281",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-4281",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Openshift",
"version": {
"version_data": [
{
"version_value": "Red Hat Openshift 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2014/06/05/19",
"url": "https://www.openwall.com/lists/oss-security/2014/06/05/19"
},
{
"refsource": "MISC",
"name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
"url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file."
} }
] ]
} }

5
2017/2xxx/CVE-2017-2601.json
View File

@ -104,6 +104,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[oss-security] 20220630 Multiple vulnerabilities in Jenkins plugins", "name": "[oss-security] 20220630 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/06/30/3" "url": "http://www.openwall.com/lists/oss-security/2022/06/30/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

18
2021/46xxx/CVE-2021-46846.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

55
2022/1xxx/CVE-2022-1414.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-1414", "ID": "CVE-2022-1414",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "3scale-amp-system",
"version": {
"version_data": [
{
"version_value": "3scale-amp-system as shipped in 3scale-AMP 2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1173"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076794"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1414",
"url": "https://access.redhat.com/security/cve/CVE-2022-1414"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks."
} }
] ]
} }

94
2022/1xxx/CVE-2022-1523.json
View File

@ -1,18 +1,100 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-30T16:13:00.000Z",
"ID": "CVE-2022-1523", "ID": "CVE-2022-1523",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Fuji Electric D300win Write-what-where condition"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "D300win",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7.1.16",
"version_value": "3.7.1.17"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Uri Katz from Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fuji Electric has fixed these vulnerabilities and recommends users upgrade to D300win v3.7.1.17 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

94
2022/1xxx/CVE-2022-1738.json
View File

@ -1,18 +1,100 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-30T16:13:00.000Z",
"ID": "CVE-2022-1738", "ID": "CVE-2022-1738",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Fuji Electric D300win Out-of-bounds Read"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "D300win",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7.1.16",
"version_value": "3.7.1.17"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Uri Katz from Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fuji Electric has fixed these vulnerabilities and recommends users upgrade to D300win v3.7.1.17 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

4
2022/1xxx/CVE-2022-1970.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-1970", "ID": "CVE-2022-1970",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none."
} }
] ]
} }

4
2022/20xxx/CVE-2022-20424.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-20424", "ID": "CVE-2022-20424",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }

50
2022/23xxx/CVE-2022-23241.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-23241", "ID": "CVE-2022-23241",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-alert@netapp.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "9.11.1 through 9.11.1P2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Data Modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221017-0001/",
"url": "https://security.netapp.com/advisory/ntap-20221017-0001/"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period."
} }
] ]
} }

55
2022/2xxx/CVE-2022-2805.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-2805", "ID": "CVE-2022-2805",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ovirt-engine",
"version": {
"version_data": [
{
"version_value": "ovirt-engine 4.5.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2079545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079545"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2805",
"url": "https://access.redhat.com/security/cve/CVE-2022-2805"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss."
} }
] ]
} }

50
2022/31xxx/CVE-2022-31684.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-31684", "ID": "CVE-2022-31684",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@vmware.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Reactor Netty",
"version": {
"version_data": [
{
"version_value": "Reactor Netty 1.0.11 to 1.0.23"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Server may log request headers"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://tanzu.vmware.com/security/cve-2022-31684",
"url": "https://tanzu.vmware.com/security/cve-2022-31684"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled."
} }
] ]
} }

108
2022/36xxx/CVE-2022-36795.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-36795", "ID": "CVE-2022-36795",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP software SYN cookies vulnerability CVE-2022-36795"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K52494562",
"name": "https://support.f5.com/csp/article/K52494562"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

7
2022/37xxx/CVE-2022-37767.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok" "value": "** DISPUTED ** Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input."
} }
] ]
}, },
@ -56,6 +56,11 @@
"url": "https://github.com/Y4tacker/Web-Security/issues/3", "url": "https://github.com/Y4tacker/Web-Security/issues/3",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/Y4tacker/Web-Security/issues/3" "name": "https://github.com/Y4tacker/Web-Security/issues/3"
},
{
"refsource": "MISC",
"name": "https://github.com/PebbleTemplates/pebble/issues/625#issuecomment-1282138635",
"url": "https://github.com/PebbleTemplates/pebble/issues/625#issuecomment-1282138635"
} }
] ]
} }

92
2022/38xxx/CVE-2022-38107.json
View File

@ -1,18 +1,98 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2022-10-18T09:41:00.000Z",
"ID": "CVE-2022-38107", "ID": "CVE-2022-38107",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Sensitive Data Disclosure Vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SQL Sentry",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2021.18.10 and previous versions"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38107"
},
{
"refsource": "MISC",
"url": "https://docs.sentryone.com/help/sentryone-platform-release-notes",
"name": "https://docs.sentryone.com/help/sentryone-platform-release-notes"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds recommends customers upgrade to SQL Sentry version 2022.4 as soon as possible."
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

55
2022/3xxx/CVE-2022-3586.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-3586", "ID": "CVE-2022-3586",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in kernel v6.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9efd23297cca",
"url": "https://github.com/torvalds/linux/commit/9efd23297cca"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/upcoming/",
"url": "https://www.zerodayinitiative.com/advisories/upcoming/"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service."
} }
] ]
} }

18
2022/3xxx/CVE-2022-3611.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2022/40xxx/CVE-2022-40884.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-40884",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-40884",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Bento4 1.6.0 has memory leaks via the mp4fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/759",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/759"
},
{
"refsource": "MISC",
"name": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md",
"url": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md"
} }
] ]
} }

61
2022/40xxx/CVE-2022-40885.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-40885",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-40885",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/761",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/761"
},
{
"refsource": "MISC",
"name": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40885.md",
"url": "https://github.com/yangfar/CVE/blob/main/CVE-2022-40885.md"
} }
] ]
} }

108
2022/41xxx/CVE-2022-41617.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41617", "ID": "CVE-2022-41617",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K11830089",
"name": "https://support.f5.com/csp/article/K11830089"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41624.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41624", "ID": "CVE-2022-41624",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP iRules vulnerability CVE-2022-41624"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.2"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.2"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K43024307",
"name": "https://support.f5.com/csp/article/K43024307"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41691.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41691", "ID": "CVE-2022-41691",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "!<=",
"version_name": "16.1.x",
"version_value": "16.1.0"
},
{
"version_affected": "!>=",
"version_name": "15.1.x",
"version_value": "15.1.0"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.2"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-763 Release of Invalid Pointer or Reference"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K02694732",
"name": "https://support.f5.com/csp/article/K02694732"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

125
2022/41xxx/CVE-2022-41694.json
View File

@ -1,18 +1,131 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41694", "ID": "CVE-2022-41694",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.x",
"version_value": "8.2.0.1"
},
{
"version_affected": ">=",
"version_name": "7.1.x",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K64829234",
"name": "https://support.f5.com/csp/article/K64829234"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

55
2022/41xxx/CVE-2022-41708.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-41708", "ID": "CVE-2022-41708",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "help@fluidattacks.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "relatedcode/Messenger",
"version": {
"version_data": [
{
"version_value": "7bcd20b"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization control for web services"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/relatedcode/Messenger",
"url": "https://github.com/relatedcode/Messenger"
},
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/tiesto/",
"url": "https://fluidattacks.com/advisories/tiesto/"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly."
} }
] ]
} }

124
2022/41xxx/CVE-2022-41741.json
View File

@ -1,18 +1,130 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41741", "ID": "CVE-2022-41741",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41741"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Mainline",
"version_value": "1.23.2"
},
{
"version_affected": "<",
"version_name": "Stable",
"version_value": "1.22.1"
}
]
}
},
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1"
}
]
}
},
{
"product_name": "NGINX Open Source Subscription",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R2",
"version_value": "R2 P1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R1 P1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K81926432",
"name": "https://support.f5.com/csp/article/K81926432"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
} }

124
2022/41xxx/CVE-2022-41742.json
View File

@ -1,18 +1,130 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41742", "ID": "CVE-2022-41742",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "NGINX ngx_http_mp4_module vulnerability CVE-2022-41742"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Mainline",
"version_value": "1.23.2"
},
{
"version_affected": "<",
"version_name": "Stable",
"version_value": "1.22.1"
}
]
}
},
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1 "
}
]
}
},
{
"product_name": "NGINX Open Source Subscription",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R2",
"version_value": "R2 P1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R1 P1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K28112382",
"name": "https://support.f5.com/csp/article/K28112382"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
} }

90
2022/41xxx/CVE-2022-41743.json
View File

@ -1,18 +1,96 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41743", "ID": "CVE-2022-41743",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "NGINX ngx_http_hls_module vulnerability CVE-2022-41743"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NGINX Plus",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R27",
"version_value": "R27-p1"
},
{
"version_affected": "<",
"version_name": "R1",
"version_value": "R26-p1 "
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K01112063",
"name": "https://support.f5.com/csp/article/K01112063"
}
]
},
"source": {
"defect": [
"NWA-1396"
],
"discovery": "EXTERNAL"
}
} }

125
2022/41xxx/CVE-2022-41770.json
View File

@ -1,18 +1,131 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41770", "ID": "CVE-2022-41770",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
},
{
"product_name": "BIG-IQ",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "8.x",
"version_value": "8.0.0"
},
{
"version_affected": ">=",
"version_name": "7.1.x",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K22505850",
"name": "https://support.f5.com/csp/article/K22505850"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

100
2022/41xxx/CVE-2022-41780.json
View File

@ -1,18 +1,106 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41780", "ID": "CVE-2022-41780",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "F5OS CLI vulnerability CVE-2022-41780"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5OS-A",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.1.0"
}
]
}
},
{
"product_name": "F5OS-C",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K81701735",
"name": "https://support.f5.com/csp/article/K81701735"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

140
2022/41xxx/CVE-2022-41787.json
View File

@ -1,18 +1,146 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41787", "ID": "CVE-2022-41787",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP DNS Express vulnerability CVE-2022-41787"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
},
{
"product_name": "BIG-IP LTM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K70569537",
"name": "https://support.f5.com/csp/article/K70569537"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41806.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41806", "ID": "CVE-2022-41806",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP AFM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.2"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.5.1"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K00721320",
"name": "https://support.f5.com/csp/article/K00721320"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41813.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41813", "ID": "CVE-2022-41813",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP AFM & PEM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K93723284",
"name": "https://support.f5.com/csp/article/K93723284"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41832.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41832", "ID": "CVE-2022-41832",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP SIP vulnerability CVE-2022-41832"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "<",
"version_name": "13.1.x",
"version_value": "13.1.5.1"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K10347453",
"name": "https://support.f5.com/csp/article/K10347453"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41833.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41833", "ID": "CVE-2022-41833",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP iRule vulnerability CVE-2022-41833"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "!<=",
"version_name": "16.1.x",
"version_value": "16.1.0"
},
{
"version_affected": "!>=",
"version_name": "15.1.x",
"version_value": "15.1.0"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K69940053",
"name": "https://support.f5.com/csp/article/K69940053"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

100
2022/41xxx/CVE-2022-41835.json
View File

@ -1,18 +1,106 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41835", "ID": "CVE-2022-41835",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "F5OS vulnerability CVE-2022-41835"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5OS-A",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.1.0"
}
]
}
},
{
"product_name": "F5OS-C",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.x",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K33484483",
"name": "https://support.f5.com/csp/article/K33484483"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41836.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41836", "ID": "CVE-2022-41836",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP Advanced WAF & ASM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.0.x",
"version_value": "17.0.0.1"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "!>=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": "!>=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K47204506",
"name": "https://support.f5.com/csp/article/K47204506"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

108
2022/41xxx/CVE-2022-41983.json
View File

@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-10-19T14:00:00.000Z",
"ID": "CVE-2022-41983", "ID": "CVE-2022-41983",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "BIG-IP TMM Vulnerability CVE-2022-41983"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "<",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "<",
"version_name": "15.1.x",
"version_value": "15.1.7"
},
{
"version_affected": "<",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": ">=",
"version_name": "13.1.x",
"version_value": "13.1.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by F5."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K31523465",
"name": "https://support.f5.com/csp/article/K31523465"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

56
2022/42xxx/CVE-2022-42227.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-42227",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-42227",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/p-ranav/jsonlint/issues/2",
"refsource": "MISC",
"name": "https://github.com/p-ranav/jsonlint/issues/2"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43014.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43014",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43014",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_joborderID.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43015.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43015",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43015",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_entriesPerPage.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43016.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43016",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43016",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_callback.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_callback.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43017.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43017",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43017",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_indexFile.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_indexFile.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43018.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43018",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43018",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_checkEmail.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/XSS_in_checkEmail.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43019.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43019",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43019",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/RCE_via_deserialisation.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/RCE_via_deserialisation.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43020.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43020",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43020",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_in_Tag_Updates.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_in_Tag_Updates.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43021.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43021",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43021",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_JobOrders.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_JobOrders.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43022.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43022",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43022",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_tag_deletion.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_tag_deletion.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43023.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43023",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43023",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_imports_errors.md",
"refsource": "MISC",
"name": "https://github.com/hansmach1ne/opencats_zero-days/blob/main/SQLI_imports_errors.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43024.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43024",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43024",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-6.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-6.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43025.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43025",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43025",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-1.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-1.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43026.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43026",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43026",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-2.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-2.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43027.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43027",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43027",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-5.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-5.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43028.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43028",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43028",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-3.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-3.md"
} }
] ]
} }

56
2022/43xxx/CVE-2022-43029.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-43029",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-43029",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-4.md",
"refsource": "MISC",
"name": "https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-4.md"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43401.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43402.json
View File

@ -65,6 +65,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43403.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43404.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43405.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43406.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43407.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43408.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43409.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43410.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43411.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43412.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43413.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43414.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2551",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43415.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43416.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2844",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43417.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43418.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43419.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43420.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2836",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43421.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43422.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43423.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43424.json
View File

@ -57,6 +57,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43425.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2797",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43426.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43427.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43428.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43429.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43430.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2625",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43431.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43432.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43433.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2864",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43434.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2865",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

5
2022/43xxx/CVE-2022-43435.json
View File

@ -61,6 +61,11 @@
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2866",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
} }
] ]
} }

18
2022/43xxx/CVE-2022-43515.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/43xxx/CVE-2022-43516.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}