admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-12 22:03:11 +00:00
parent 00de4b0d9d
commit e5b8ffd700
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 115 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2022/46xxx/CVE-2022-46340.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order."
"value": "A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
"value": "stack overflow"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "xorg-x11-server-1.20.4"
}
]
}
@ -63,6 +58,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
@ -87,39 +87,6 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46342.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se"
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "use-after-free"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "xorg-x11-server-1.20.4"
}
]
}
@ -58,6 +53,11 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46342",
"refsource": "MISC",
@ -82,39 +82,6 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

55
2022/46xxx/CVE-2022-46343.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "use-after-free"
}
]
}
@ -32,20 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "0:1.8.0-23.el7_9",
"version_affected": "!"
},
{
"version_value": "0:1.20.4-21.el7_9",
"version_affected": "!"
"version_affected": "=",
"version_value": "xorg-x11-server-1.20.4"
}
]
}
@ -63,6 +58,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
@ -82,39 +82,6 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

52
2022/4xxx/CVE-2022-4415.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4415",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "systemd >= 247"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/3",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/12/21/3",
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/3"
"name": "https://www.openwall.com/lists/oss-security/2022/12/21/3"
},
{
"url": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c",
"refsource": "MISC",
"name": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c",
"url": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
"name": "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c"
}
]
}

54
2022/4xxx/CVE-2022-4515.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4515",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions are affected"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56",
"refsource": "MISC",
"name": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56",
"url": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56"
"name": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3254-1] exuberant-ctags security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way."
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html"
}
]
}

52
2022/4xxx/CVE-2022-4543.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4543",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
@ -30,37 +52,17 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/12/16/3",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/12/16/3",
"url": "https://www.openwall.com/lists/oss-security/2022/12/16/3"
"name": "https://www.openwall.com/lists/oss-security/2022/12/16/3"
},
{
"url": "https://www.willsroot.io/2022/12/entrybleed.html",
"refsource": "MISC",
"name": "https://www.willsroot.io/2022/12/entrybleed.html",
"url": "https://www.willsroot.io/2022/12/entrybleed.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems."
"name": "https://www.willsroot.io/2022/12/entrybleed.html"
}
]
}