diff --git a/2021/33xxx/CVE-2021-33430.json b/2021/33xxx/CVE-2021-33430.json index 87740a64555..0d3fa650669 100644 --- a/2021/33xxx/CVE-2021-33430.json +++ b/2021/33xxx/CVE-2021-33430.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service." + "value": "** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user." } ] }, diff --git a/2021/41xxx/CVE-2021-41496.json b/2021/41xxx/CVE-2021-41496.json index 97c31dac752..c86cc8898c9 100644 --- a/2021/41xxx/CVE-2021-41496.json +++ b/2021/41xxx/CVE-2021-41496.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values." + "value": "** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)." } ] }, diff --git a/2022/0xxx/CVE-2022-0514.json b/2022/0xxx/CVE-2022-0514.json new file mode 100644 index 00000000000..11220a9c14d --- /dev/null +++ b/2022/0xxx/CVE-2022-0514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0515.json b/2022/0xxx/CVE-2022-0515.json new file mode 100644 index 00000000000..1ff8ea409bb --- /dev/null +++ b/2022/0xxx/CVE-2022-0515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22931.json b/2022/22xxx/CVE-2022-22931.json index 93bde04c4fa..7f67e56f66e 100644 --- a/2022/22xxx/CVE-2022-22931.json +++ b/2022/22xxx/CVE-2022-22931.json @@ -33,7 +33,7 @@ "credit": [ { "lang": "eng", - "value": "These issues were discovered and reported by GHSL team member Jaroslav Lobačevski" + "value": "These issues were discovered and reported by GHSL team member Jaroslav Loba\u010devski" } ], "data_format": "MITRE", @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations.\n\nAffected implementations include:\n - maildir mailbox store\n - Sieve file repository\n\nThis enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)." + "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)." } ] }, @@ -70,12 +70,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr", + "name": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr" }, { - "refsource": "CONFIRM", - "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1" + "refsource": "MISC", + "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1", + "name": "https://www.openwall.com/lists/oss-security/2022/02/07/1" } ] },