"-Synchronized-Data."

CVE Team 2022-12-19 16:00:41 +00:00
parent 17c1e603b4
commit e2276f8dac
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 482 additions and 54 deletions


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/10016",
"url": "https://wpvulndb.com/vulnerabilities/10016"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996",
"url": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "securities@openeuler.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libtar",
"version": {
"version_data": [
{
"version_value": "libtar-1.2.20-21 in openEuler 22.03 LTS and libtar-1.2.20-19 in openEuler 20.03 LTS"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar",
"url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free)."
}
]
}
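Review bot: The new `version_value` for libtar is one prose string, `libtar-1.2.20-21 in openEuler 22.03 LTS and libtar-1.2.20-19 in openEuler 20.03 LTS`, which does not say whether those builds are the affected ones or the fixed ones and cannot be matched by inventory or scanner tooling. One `version_data` entry per build, each with a `version_affected` operator as the Hikvision record in this commit uses, would make the range unambiguous. `"vendor_name": "n/a"` also drops information the record already carries (the assigner is `securities@openeuler.org`); the Concourse and Autodesk sections use the same `n/a` vendor.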


@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "hsrc@hikvision.com",
"DATE_PUBLIC": "2022-12-16T07:00:00.000Z",
"ID": "CVE-2022-28173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DS-3WF0AC-2NT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "V1.1.0",
"version_value": "V1.1.0"
}
]
}
},
{
"product_name": "DS-3WF01C-2N/O",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "V1.0.4",
"version_value": "V1.0.4 "
}
]
}
}
]
},
"vendor_name": "hikvision"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Souvik Kandar, Arko Dhar"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/",
"name": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "https://www.hikvision.com/content/dam/hikvision/en/support/cybersecyrity/security-advisory/DS-3WF0AC-2NT_V1.1.0-build220929_EN.bin"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
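Review bot: `"version_value": "V1.0.4 "` for DS-3WF01C-2N/O carries a trailing space that `version_name` on the line above does not, so a consumer comparing the fixed version by exact string will not match; it should read `"version_value": "V1.0.4"`. The `solution` value is a bare firmware download link whose path segment `cybersecyrity` differs from the `cybersecurity` spelling in the reference URL, so it is worth confirming that it resolves as intended. It also names only the DS-3WF0AC-2NT image although two products are listed as affected; a sentence pointing to the vendor advisory for both products would be safer than a direct binary link.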


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"version_value": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf",
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team."
}
]
}
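Review bot: The `problemtype` value `Authorization Bypass vulnerability` is free text with no CWE identifier, unlike the libtar and Hikvision records in this commit (`CWE-416: Use After Free`, `CWE-284 Improper Access Control`), so weakness-based filtering and metrics will skip this record. The three Autodesk sections that follow have the same gap (`Search Order Hijacking`, `Out-of-bound Read`, `Out-of-bound Write`); for the last two the conventional forms would be `CWE-125 Out-of-bounds Read` and `CWE-787 Out-of-bounds Write`. The CWE for the Concourse and DWG TrueView entries is the CNA's call and is not proposed here.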


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DWG TrueView",
"version": {
"version_data": [
{
"version_value": "2023"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Search Order Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0024",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0024"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Maya",
"version": {
"version_data": [
{
"version_value": "2023"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Maya",
"version": {
"version_data": [
{
"version_value": "2023"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
}
]
}


@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2022-12-15T19:21:00.000Z",
"ID": "CVE-2022-47512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hybrid Cloud Observability (HCO)/ SolarWinds Platform",
"version": {
"version_data": [
{
"platform": "Windows ",
"version_affected": "=",
"version_name": "SolarWinds ",
"version_value": " 2022.4"
}
]
}
}
]
},
"vendor_name": "SolarWinds "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank our Thwack MVP's for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1) "
}
],
"source": {
"discovery": "USER"
}
}
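Review bot: Several new string values are padded with whitespace (`"vendor_name": "SolarWinds "`, `"platform": "Windows "`, `"version_value": " 2022.4"`), and `"version_name": "SolarWinds "` holds the vendor name rather than a version label. Tooling that matches vendor, platform or version by exact string will miss this record; the values should be trimmed, e.g. `"vendor_name": "SolarWinds"` and `"version_value": "2022.4"`. The description speaks of "a user with a local account" while the vector sets `PR:H`; if any local account suffices, the privilege metric and score may be understated, which is worth confirming with the CNA.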


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -32,7 +32,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -63,24 +63,30 @@
}
]
},
"credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker",
"credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "1.9",
"vectorString": "CVSS:3.1\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N"
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html"
"url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html",
"refsource": "MISC",
"name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html"
},
{
"url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
"url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf",
"refsource": "MISC",
"name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
},
{
"url": "https:\/\/vuldb.com\/?id.216272"
"url": "https://vuldb.com/?id.216272",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216272"
}
]
}
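Review bot: `"baseScore": "1.9"` in the `impact.cvss` object of this section is a JSON string, whereas the Hikvision and SolarWinds records in the same commit give `baseScore` as a number (`9.1`, `6`). A consumer that sorts or thresholds on the score numerically will either fail or fall back to string comparison; `"baseScore": 1.9` keeps the type consistent. The next three sections have the same string-typed score (`"4.3"`, `"4.3"`, `"5.0"`), and `credit` is a single string here but an array of `lang`/`value` objects in the other records.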


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -32,7 +32,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -63,21 +63,25 @@
}
]
},
"credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker",
"credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html"
"url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html",
"refsource": "MISC",
"name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html"
},
{
"url": "https:\/\/vuldb.com\/?id.216273"
"url": "https://vuldb.com/?id.216273",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216273"
}
]
}


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -32,7 +32,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -63,24 +63,30 @@
}
]
},
"credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker",
"credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html"
"url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html",
"refsource": "MISC",
"name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html"
},
{
"url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
"url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf",
"refsource": "MISC",
"name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
},
{
"url": "https:\/\/vuldb.com\/?id.216274"
"url": "https://vuldb.com/?id.216274",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216274"
}
]
}


@ -22,7 +22,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -32,7 +32,7 @@
"version": {
"version_data": [
{
"version_value": "n\/a"
"version_value": "n/a"
}
]
}
@ -63,24 +63,30 @@
}
]
},
"credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker",
"credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L"
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html"
"url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html",
"refsource": "MISC",
"name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html"
},
{
"url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
"url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf",
"refsource": "MISC",
"name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf"
},
{
"url": "https:\/\/vuldb.com\/?id.216275"
"url": "https://vuldb.com/?id.216275",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216275"
}
]
}