"-Synchronized-Data."

CVE Team 2022-11-14 22:00:32 +00:00
parent 4c3cdb9243
commit daabf94c24
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 588 additions and 104 deletions


@ -1,45 +1,15 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2758",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220816T00:00:00.000000Z",
"TITLE": "",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"discovery": "UNKNOWN",
"defect": [],
"advisory": ""
"DATE_PUBLIC": "2022-08-16T18:21:00.000Z",
"ID": "CVE-2022-2758",
"STATE": "PUBLIC",
"TITLE": "Update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LS Electric",
"product": {
"product_data": [
{
"product_name": "PLC",
"version": {
"version_data": [
{
"version_name": "All",
"version_affected": "=",
"version_value": "All versions",
"platform": ""
}
]
}
}
]
}
},
{
"vendor_name": "LS Electric",
"product": {
"product_data": [
{
@ -47,20 +17,128 @@
"version": {
"version_data": [
{
"version_name": "All",
"version_affected": "=",
"version_value": "All versions",
"platform": ""
"version_affected": "<",
"version_name": "All versions",
"version_value": "V4.0"
}
]
}
},
{
"product_name": "PLC: XGB-XECH",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V1.30"
}
]
}
},
{
"product_name": "PLC: XGB-XBCH",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V1.90"
}
]
}
},
{
"product_name": "PLC: XGB-XBMS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V3.00"
}
]
}
},
{
"product_name": "PLC: XGR-CPUH",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V1.80"
}
]
}
},
{
"product_name": "PLC: XGI-CPUU/UD/H/S/E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V3.20"
}
]
}
},
{
"product_name": "PLC: XGK-CPUU/H/A/S/E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": "V3.50"
}
]
}
}
]
}
},
"vendor_name": "LS Industrial Systems (LSIS) Co. Ltd LS Electric"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hong-Gi Kin of the Korea Internet & Security Agency (KISA) reported this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC\u2019s communication traffic."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -73,40 +151,16 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC\u2019s password by sniffing the traffic."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
},
"work_around": [],
"solution": [],
"credit": []
"source": {
"discovery": "UNKNOWN"
}
}
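Review bot: `"TITLE": "Update"` in `CVE_data_meta` (apparently the new value, next to the reformatted `DATE_PUBLIC`) says nothing about the vulnerability, so any feed or ticketing tool that displays the title will show a meaningless label. A title taken from the record's own description would serve defenders better, e.g. `"TITLE": "LS Electric XG5000 and PLCs: passwords inadequately encrypted in transit"` (wording to be confirmed against the referenced advisory). The new `vendor_name` value `"LS Industrial Systems (LSIS) Co. Ltd LS Electric"` also runs two vendor names together in one string, which will not match asset inventories keyed on either name alone.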


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022042",
"url": "https://www.insyde.com/security-pledge/SA-2022042"
}
]
}
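Review bot: The new description value repeats its opening sentence verbatim ("DMA attacks on the parameter buffer used by the IhisiSmm driver … (a TOCTOU attack).") and ends in a bare `CWE-367`, while `problemtype_data` is still `"value": "n/a"`. The duplicate sentence should be dropped and the weakness moved into problemtype, e.g. `"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"`, so that consumers filtering by CWE see it. The fixed kernel versions appear only in prose as well, and `vendor_name`/`product_name` are `n/a`, so automated matching on `affects` will not tie this record to Insyde firmware.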


@ -1,18 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-32266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-32266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022045",
"url": "https://www.insyde.com/security-pledge/SA-2022045"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
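Review bot: The new description contradicts itself on the affected range: one part says "Kernel 5.2 is unaffected", while the text appended after `CWE-787` says "kernel 5.0 through 5.5". The string looks like two or three source descriptions concatenated, since the first sentence appears twice and the closing "An issue was discovered in Insyde InsydeH2O …" paragraph restates the same issue. It should be reduced to one description with a single consistent range before it is relied on for patch triage. The `CWE-787` token also sits in prose while `problemtype_data` is `"value": "n/a"`, and the text itself describes a TOCTOU race, so the intended weakness class should be confirmed and recorded in problemtype.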


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi."
"value": "An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue."
}
]
},
@ -53,15 +53,50 @@
},
"references": {
"reference_data": [
{
"url": "https://www.hitachi-kokusai.co.jp/global/en/products/camera/network/index.html",
"refsource": "MISC",
"name": "https://www.hitachi-kokusai.co.jp/global/en/products/camera/network/index.html"
},
{
"url": "https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5",
"refsource": "MISC",
"name": "https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5"
},
{
"url": "https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html",
"refsource": "MISC",
"name": "https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "hitachi-sec-2022-001",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thomas Knudsen"
},
{
"lang": "en",
"value": "Samy Younsi"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
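Review bot: The rewritten description loses the affected-version bound: "Version 1.07 and below" became "… (Camera, Decoder and Encoder) and bellow", so "and bellow" now refers to nothing and a reader cannot tell which firmware is affected without opening hitachi-sec-2022-001. It also has the typos "bellow" and "attckers". The next file section (the `/ptippage.cgi` record) has the same dangling "and below" and "attckers", plus "Newtork". The sentence should restate the affected models and versions from the advisory, with the spelling fixed. Separately, both records add `"credits"` with `"lang": "en"` and make `cvss` an array, while the first record in this commit uses `"credit"`, `"lang": "eng"` and a `cvss` object. Consumers written for one shape may silently skip the other, so it is worth confirming which form the 4.0 schema expects.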


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi."
"value": "Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue."
}
]
},
@ -53,15 +53,50 @@
},
"references": {
"reference_data": [
{
"url": "https://www.hitachi-kokusai.co.jp/global/en/products/camera/network/index.html",
"refsource": "MISC",
"name": "https://www.hitachi-kokusai.co.jp/global/en/products/camera/network/index.html"
},
{
"url": "https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5",
"refsource": "MISC",
"name": "https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5"
},
{
"url": "https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html",
"refsource": "MISC",
"name": "https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "hitachi-sec-2022-001",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thomas Knudsen"
},
{
"lang": "en",
"value": "Samy Younsi"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/arendst/Tasmota/pull/16802/commits/066878da4d4762a9b6cb169fdf353e804d735cfd",
"refsource": "MISC",
"name": "https://github.com/arendst/Tasmota/pull/16802/commits/066878da4d4762a9b6cb169fdf353e804d735cfd"
},
{
"url": "https://github.com/arendst/Tasmota/pull/16802",
"refsource": "MISC",
"name": "https://github.com/arendst/Tasmota/pull/16802"
}
]
}


@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load)."
}
]
}


@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}


@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}