diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index 48441bec7ee..6eee9b1bf03 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -605,7 +605,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20388.json b/2019/20xxx/CVE-2019-20388.json index d7fd42a999f..c90f5dda887 100644 --- a/2019/20xxx/CVE-2019-20388.json +++ b/2019/20xxx/CVE-2019-20388.json @@ -108,7 +108,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2019/20xxx/CVE-2019-20916.json b/2019/20xxx/CVE-2019-20916.json index 60924b52e0d..3ad4aabebaf 100644 --- a/2019/20xxx/CVE-2019-20916.json +++ b/2019/20xxx/CVE-2019-20916.json @@ -88,7 +88,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index 0548bfe0243..76586a6349c 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json @@ -52,26 +52,11 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/python/cpython/pull/12201", - "refsource": "MISC", - "url": "https://github.com/python/cpython/pull/12201" - }, - { - "name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "refsource": "MISC", - "url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" - }, { "name": "107400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107400" }, - { - "name": "https://bugs.python.org/issue36216", - "refsource": "MISC", - "url": "https://bugs.python.org/issue36216" - }, { "refsource": "FEDORA", "name": "FEDORA-2019-243442e600", @@ -172,11 +157,6 @@ "name": "FEDORA-2019-1ffd6b6064", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190517-0001/", - "url": "https://security.netapp.com/advisory/ntap-20190517-0001/" - }, { "refsource": "FEDORA", "name": "FEDORA-2019-ec26883852", @@ -282,11 +262,6 @@ "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" }, - { - "url": "https://www.oracle.com/security-alerts/cpujan2020.html", - "refsource": "MISC", - "name": "https://www.oracle.com/security-alerts/cpujan2020.html" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", @@ -297,6 +272,11 @@ "name": "GLSA-202003-26", "url": "https://security.gentoo.org/glsa/202003-26" }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update", @@ -308,7 +288,29 @@ "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "name": "https://github.com/python/cpython/pull/12201", + "refsource": "MISC", + "url": "https://github.com/python/cpython/pull/12201" + }, + { + "name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "refsource": "MISC", + "url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html" + }, + { + "name": "https://bugs.python.org/issue36216", + "refsource": "MISC", + "url": "https://bugs.python.org/issue36216" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190517-0001/", + "url": "https://security.netapp.com/advisory/ntap-20190517-0001/" } ] } diff --git a/2019/9xxx/CVE-2019-9740.json b/2019/9xxx/CVE-2019-9740.json index 390af324b77..756d80acbc3 100644 --- a/2019/9xxx/CVE-2019-9740.json +++ b/2019/9xxx/CVE-2019-9740.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "name": "https://bugs.python.org/issue36276", - "refsource": "MISC", - "url": "https://bugs.python.org/issue36276" - }, { "refsource": "BID", "name": "107466", @@ -77,11 +72,6 @@ "name": "FEDORA-2019-ec26883852", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20190619-0005/", - "url": "https://security.netapp.com/advisory/ntap-20190619-0005/" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update", @@ -137,11 +127,6 @@ "name": "20191021 [slackware-security] python (SSA:2019-293-01)", "url": "https://seclists.org/bugtraq/2019/Oct/29" }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", - "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html" - }, { "refsource": "REDHAT", "name": "RHSA-2019:3335", @@ -187,13 +172,30 @@ "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html" }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", + "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html" + }, { "refsource": "MLIST", "name": "[oss-security] 20210204 [CVE-2020-15693, CVE-2020-15694] Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation", "url": "http://www.openwall.com/lists/oss-security/2021/02/04/2" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "name": "https://bugs.python.org/issue36276", + "refsource": "MISC", + "url": "https://bugs.python.org/issue36276" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20190619-0005/", + "url": "https://security.netapp.com/advisory/ntap-20190619-0005/" } ] } diff --git a/2020/0xxx/CVE-2020-0404.json b/2020/0xxx/CVE-2020-0404.json index e7a3dc319ae..16caebcf542 100644 --- a/2020/0xxx/CVE-2020-0404.json +++ b/2020/0xxx/CVE-2020-0404.json @@ -60,7 +60,9 @@ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/10xxx/CVE-2020-10683.json b/2020/10xxx/CVE-2020-10683.json index f07ac48d186..cb986bb767c 100644 --- a/2020/10xxx/CVE-2020-10683.json +++ b/2020/10xxx/CVE-2020-10683.json @@ -148,7 +148,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/11xxx/CVE-2020-11022.json b/2020/11xxx/CVE-2020-11022.json index d8f0fe98806..e5e13d65e04 100644 --- a/2020/11xxx/CVE-2020-11022.json +++ b/2020/11xxx/CVE-2020-11022.json @@ -275,7 +275,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11023.json b/2020/11xxx/CVE-2020-11023.json index 9ce921f311a..4c9d20de3a4 100644 --- a/2020/11xxx/CVE-2020-11023.json +++ b/2020/11xxx/CVE-2020-11023.json @@ -385,7 +385,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11987.json b/2020/11xxx/CVE-2020-11987.json index 376005d76d5..74126170b8f 100644 --- a/2020/11xxx/CVE-2020-11987.json +++ b/2020/11xxx/CVE-2020-11987.json @@ -90,7 +90,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/13xxx/CVE-2020-13974.json b/2020/13xxx/CVE-2020-13974.json index 66302903db9..803a5db8f1b 100644 --- a/2020/13xxx/CVE-2020-13974.json +++ b/2020/13xxx/CVE-2020-13974.json @@ -52,16 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae", - "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae" - }, - { - "url": "https://lkml.org/lkml/2020/3/22/482", - "refsource": "MISC", - "name": "https://lkml.org/lkml/2020/3/22/482" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0935", @@ -102,13 +92,25 @@ "name": "USN-4485-1", "url": "https://usn.ubuntu.com/4485-1/" }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae" + }, + { + "url": "https://lkml.org/lkml/2020/3/22/482", + "refsource": "MISC", + "name": "https://lkml.org/lkml/2020/3/22/482" + }, { "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b" - }, - { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/14xxx/CVE-2020-14343.json b/2020/14xxx/CVE-2020-14343.json index ebed0295c9f..a89a4079a7e 100644 --- a/2020/14xxx/CVE-2020-14343.json +++ b/2020/14xxx/CVE-2020-14343.json @@ -55,7 +55,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/17xxx/CVE-2020-17521.json b/2020/17xxx/CVE-2020-17521.json index c13411ba718..39fb70a7634 100644 --- a/2020/17xxx/CVE-2020-17521.json +++ b/2020/17xxx/CVE-2020-17521.json @@ -109,7 +109,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1747.json b/2020/1xxx/CVE-2020-1747.json index a1f8fdf2ac1..81e8728fee0 100644 --- a/2020/1xxx/CVE-2020-1747.json +++ b/2020/1xxx/CVE-2020-1747.json @@ -44,16 +44,6 @@ }, "references": { "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747", - "refsource": "CONFIRM" - }, - { - "url": "https://github.com/yaml/pyyaml/pull/386", - "name": "https://github.com/yaml/pyyaml/pull/386", - "refsource": "MISC" - }, { "refsource": "FEDORA", "name": "FEDORA-2020-40c35d7b37", @@ -90,7 +80,19 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/yaml/pyyaml/pull/386", + "name": "https://github.com/yaml/pyyaml/pull/386", + "refsource": "MISC" } ] }, diff --git a/2020/1xxx/CVE-2020-1927.json b/2020/1xxx/CVE-2020-1927.json index 4225cc03423..4f7400ea8af 100644 --- a/2020/1xxx/CVE-2020-1927.json +++ b/2020/1xxx/CVE-2020-1927.json @@ -175,7 +175,9 @@ "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/24xxx/CVE-2020-24977.json b/2020/24xxx/CVE-2020-24977.json index 48cc4431357..6071397829e 100644 --- a/2020/24xxx/CVE-2020-24977.json +++ b/2020/24xxx/CVE-2020-24977.json @@ -158,7 +158,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/25xxx/CVE-2020-25638.json b/2020/25xxx/CVE-2020-25638.json index 7f115137371..1f918ce4aa9 100644 --- a/2020/25xxx/CVE-2020-25638.json +++ b/2020/25xxx/CVE-2020-25638.json @@ -80,7 +80,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/25xxx/CVE-2020-25649.json b/2020/25xxx/CVE-2020-25649.json index 15b220d65f9..c7b0987a84c 100644 --- a/2020/25xxx/CVE-2020-25649.json +++ b/2020/25xxx/CVE-2020-25649.json @@ -395,7 +395,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/25xxx/CVE-2020-25659.json b/2020/25xxx/CVE-2020-25659.json index be9769efeaa..3b71d93d7f2 100644 --- a/2020/25xxx/CVE-2020-25659.json +++ b/2020/25xxx/CVE-2020-25659.json @@ -55,7 +55,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/26xxx/CVE-2020-26137.json b/2020/26xxx/CVE-2020-26137.json index a61f8d5fcf9..31649aabe1a 100644 --- a/2020/26xxx/CVE-2020-26137.json +++ b/2020/26xxx/CVE-2020-26137.json @@ -83,7 +83,9 @@ "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/26xxx/CVE-2020-26184.json b/2020/26xxx/CVE-2020-26184.json index 8a76d354f67..b2aa7eb9ca8 100644 --- a/2020/26xxx/CVE-2020-26184.json +++ b/2020/26xxx/CVE-2020-26184.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/26xxx/CVE-2020-26185.json b/2020/26xxx/CVE-2020-26185.json index 2395b08e347..4c63ece4698 100644 --- a/2020/26xxx/CVE-2020-26185.json +++ b/2020/26xxx/CVE-2020-26185.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/26xxx/CVE-2020-26237.json b/2020/26xxx/CVE-2020-26237.json index 033d7627ac5..65aca8c3b59 100644 --- a/2020/26xxx/CVE-2020-26237.json +++ b/2020/26xxx/CVE-2020-26237.json @@ -98,7 +98,9 @@ "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27619.json b/2020/27xxx/CVE-2020-27619.json index 34bb75606f8..aca745069bc 100644 --- a/2020/27xxx/CVE-2020-27619.json +++ b/2020/27xxx/CVE-2020-27619.json @@ -82,11 +82,6 @@ "refsource": "MISC", "name": "https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20201123-0004/", - "url": "https://security.netapp.com/advisory/ntap-20201123-0004/" - }, { "refsource": "MLIST", "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", @@ -113,7 +108,14 @@ "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20201123-0004/", + "url": "https://security.netapp.com/advisory/ntap-20201123-0004/" } ] } diff --git a/2020/27xxx/CVE-2020-27820.json b/2020/27xxx/CVE-2020-27820.json index 1e7660a1843..d1c3f87164c 100644 --- a/2020/27xxx/CVE-2020-27820.json +++ b/2020/27xxx/CVE-2020-27820.json @@ -65,7 +65,9 @@ "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/28xxx/CVE-2020-28052.json b/2020/28xxx/CVE-2020-28052.json index 2fe5c70833d..aeb55976b9c 100644 --- a/2020/28xxx/CVE-2020-28052.json +++ b/2020/28xxx/CVE-2020-28052.json @@ -178,7 +178,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/28xxx/CVE-2020-28491.json b/2020/28xxx/CVE-2020-28491.json index 54b5d9fcff1..cf0867a0b22 100644 --- a/2020/28xxx/CVE-2020-28491.json +++ b/2020/28xxx/CVE-2020-28491.json @@ -75,7 +75,9 @@ "name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/28xxx/CVE-2020-28500.json b/2020/28xxx/CVE-2020-28500.json index e6021df3f71..6d80baa46eb 100644 --- a/2020/28xxx/CVE-2020-28500.json +++ b/2020/28xxx/CVE-2020-28500.json @@ -107,7 +107,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/29xxx/CVE-2020-29396.json b/2020/29xxx/CVE-2020-29396.json index 287acfbacdb..a1f4121baa8 100644 --- a/2020/29xxx/CVE-2020-29396.json +++ b/2020/29xxx/CVE-2020-29396.json @@ -122,7 +122,9 @@ "name": "https://github.com/odoo/odoo/issues/63712" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/29xxx/CVE-2020-29505.json b/2020/29xxx/CVE-2020-29505.json index a931a728dd7..17e6f6388a7 100644 --- a/2020/29xxx/CVE-2020-29505.json +++ b/2020/29xxx/CVE-2020-29505.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/29xxx/CVE-2020-29506.json b/2020/29xxx/CVE-2020-29506.json index 6b59a676c90..fe397cae836 100644 --- a/2020/29xxx/CVE-2020-29506.json +++ b/2020/29xxx/CVE-2020-29506.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/29xxx/CVE-2020-29507.json b/2020/29xxx/CVE-2020-29507.json index 0f1f097f608..1c60949e324 100644 --- a/2020/29xxx/CVE-2020-29507.json +++ b/2020/29xxx/CVE-2020-29507.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/29xxx/CVE-2020-29508.json b/2020/29xxx/CVE-2020-29508.json index c08300692ec..2a060455f56 100644 --- a/2020/29xxx/CVE-2020-29508.json +++ b/2020/29xxx/CVE-2020-29508.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/29xxx/CVE-2020-29651.json b/2020/29xxx/CVE-2020-29651.json index 0132658242c..323c0641068 100644 --- a/2020/29xxx/CVE-2020-29651.json +++ b/2020/29xxx/CVE-2020-29651.json @@ -78,7 +78,9 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35163.json b/2020/35xxx/CVE-2020-35163.json index d4e1e6a1ddf..b48ee72695a 100644 --- a/2020/35xxx/CVE-2020-35163.json +++ b/2020/35xxx/CVE-2020-35163.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35164.json b/2020/35xxx/CVE-2020-35164.json index 5a2ba4c8e08..a627e650481 100644 --- a/2020/35xxx/CVE-2020-35164.json +++ b/2020/35xxx/CVE-2020-35164.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35166.json b/2020/35xxx/CVE-2020-35166.json index 1e1d89435da..bebe4cf6227 100644 --- a/2020/35xxx/CVE-2020-35166.json +++ b/2020/35xxx/CVE-2020-35166.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35167.json b/2020/35xxx/CVE-2020-35167.json index 2c1787b987e..d840f571b63 100644 --- a/2020/35xxx/CVE-2020-35167.json +++ b/2020/35xxx/CVE-2020-35167.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35168.json b/2020/35xxx/CVE-2020-35168.json index 7a5948b226b..ac3ad0db3be 100644 --- a/2020/35xxx/CVE-2020-35168.json +++ b/2020/35xxx/CVE-2020-35168.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35169.json b/2020/35xxx/CVE-2020-35169.json index e7a93a2a93b..ce92deac4db 100644 --- a/2020/35xxx/CVE-2020-35169.json +++ b/2020/35xxx/CVE-2020-35169.json @@ -68,7 +68,9 @@ "name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35490.json b/2020/35xxx/CVE-2020-35490.json index 1f51f1f9b4b..adf769eb91a 100644 --- a/2020/35xxx/CVE-2020-35490.json +++ b/2020/35xxx/CVE-2020-35490.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35491.json b/2020/35xxx/CVE-2020-35491.json index a6006322508..e463fa53de1 100644 --- a/2020/35xxx/CVE-2020-35491.json +++ b/2020/35xxx/CVE-2020-35491.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/35xxx/CVE-2020-35728.json b/2020/35xxx/CVE-2020-35728.json index 2c22eed8252..0d2ee310b2b 100644 --- a/2020/35xxx/CVE-2020-35728.json +++ b/2020/35xxx/CVE-2020-35728.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36179.json b/2020/36xxx/CVE-2020-36179.json index 6ad2fb30fb8..5cc53fb95db 100644 --- a/2020/36xxx/CVE-2020-36179.json +++ b/2020/36xxx/CVE-2020-36179.json @@ -103,7 +103,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36180.json b/2020/36xxx/CVE-2020-36180.json index af42b21b827..931558c8477 100644 --- a/2020/36xxx/CVE-2020-36180.json +++ b/2020/36xxx/CVE-2020-36180.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36181.json b/2020/36xxx/CVE-2020-36181.json index 9c4576fcfb6..7ddb7d9cb70 100644 --- a/2020/36xxx/CVE-2020-36181.json +++ b/2020/36xxx/CVE-2020-36181.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36182.json b/2020/36xxx/CVE-2020-36182.json index 615efdfc3d3..259d3663b63 100644 --- a/2020/36xxx/CVE-2020-36182.json +++ b/2020/36xxx/CVE-2020-36182.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36183.json b/2020/36xxx/CVE-2020-36183.json index 095089b6fe3..3e7432de94f 100644 --- a/2020/36xxx/CVE-2020-36183.json +++ b/2020/36xxx/CVE-2020-36183.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36184.json b/2020/36xxx/CVE-2020-36184.json index 6eff36c01dc..54a4857d6cf 100644 --- a/2020/36xxx/CVE-2020-36184.json +++ b/2020/36xxx/CVE-2020-36184.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36185.json b/2020/36xxx/CVE-2020-36185.json index 9c8b4dd066d..5152314e27e 100644 --- a/2020/36xxx/CVE-2020-36185.json +++ b/2020/36xxx/CVE-2020-36185.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36186.json b/2020/36xxx/CVE-2020-36186.json index c0b195969ad..aa06d5c155b 100644 --- a/2020/36xxx/CVE-2020-36186.json +++ b/2020/36xxx/CVE-2020-36186.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36187.json b/2020/36xxx/CVE-2020-36187.json index f592796ca62..d716bb07d6e 100644 --- a/2020/36xxx/CVE-2020-36187.json +++ b/2020/36xxx/CVE-2020-36187.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36188.json b/2020/36xxx/CVE-2020-36188.json index 57c49bfaae0..6619205fc3e 100644 --- a/2020/36xxx/CVE-2020-36188.json +++ b/2020/36xxx/CVE-2020-36188.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36189.json b/2020/36xxx/CVE-2020-36189.json index fe1c40c1f01..d7bbf75fde0 100644 --- a/2020/36xxx/CVE-2020-36189.json +++ b/2020/36xxx/CVE-2020-36189.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36242.json b/2020/36xxx/CVE-2020-36242.json index 5dab7d3808f..91dee2c735a 100644 --- a/2020/36xxx/CVE-2020-36242.json +++ b/2020/36xxx/CVE-2020-36242.json @@ -78,7 +78,9 @@ "url": "https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/36xxx/CVE-2020-36518.json b/2020/36xxx/CVE-2020-36518.json index 435004c662d..61b91daecaa 100644 --- a/2020/36xxx/CVE-2020-36518.json +++ b/2020/36xxx/CVE-2020-36518.json @@ -67,13 +67,15 @@ "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220506-0004/", "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" - }, - { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/4xxx/CVE-2020-4788.json b/2020/4xxx/CVE-2020-4788.json index cfb33f3407b..d60fb1d687f 100644 --- a/2020/4xxx/CVE-2020-4788.json +++ b/2020/4xxx/CVE-2020-4788.json @@ -98,7 +98,9 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json index 497b399db49..39713746d85 100644 --- a/2020/5xxx/CVE-2020-5258.json +++ b/2020/5xxx/CVE-2020-5258.json @@ -132,7 +132,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index 63508d31a05..39b337e38a2 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -90,7 +90,9 @@ "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5398.json b/2020/5xxx/CVE-2020-5398.json index 393a72b59e5..61d1766ea17 100644 --- a/2020/5xxx/CVE-2020-5398.json +++ b/2020/5xxx/CVE-2020-5398.json @@ -285,7 +285,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210917-0006/" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7595.json b/2020/7xxx/CVE-2020-7595.json index 4f22979cd26..f92fceffd8a 100644 --- a/2020/7xxx/CVE-2020-7595.json +++ b/2020/7xxx/CVE-2020-7595.json @@ -123,7 +123,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } diff --git a/2020/7xxx/CVE-2020-7656.json b/2020/7xxx/CVE-2020-7656.json index c5ac41bcc88..db195492817 100644 --- a/2020/7xxx/CVE-2020-7656.json +++ b/2020/7xxx/CVE-2020-7656.json @@ -44,6 +44,11 @@ }, "references": { "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, { "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619", @@ -53,9 +58,6 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200528-0001/", "url": "https://security.netapp.com/advisory/ntap-20200528-0001/" - }, - { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7712.json b/2020/7xxx/CVE-2020-7712.json index d3f8ed071f1..119bded5950 100644 --- a/2020/7xxx/CVE-2020-7712.json +++ b/2020/7xxx/CVE-2020-7712.json @@ -153,7 +153,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/9xxx/CVE-2020-9484.json b/2020/9xxx/CVE-2020-9484.json index 364f3381466..21c3a424bce 100644 --- a/2020/9xxx/CVE-2020-9484.json +++ b/2020/9xxx/CVE-2020-9484.json @@ -250,7 +250,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2020/9xxx/CVE-2020-9492.json b/2020/9xxx/CVE-2020-9492.json index 6034961dc32..884c3d8c013 100644 --- a/2020/9xxx/CVE-2020-9492.json +++ b/2020/9xxx/CVE-2020-9492.json @@ -74,11 +74,6 @@ "name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core", "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20210304-0001/", - "url": "https://security.netapp.com/advisory/ntap-20210304-0001/" - }, { "refsource": "MLIST", "name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2", @@ -120,7 +115,14 @@ "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210304-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210304-0001/" } ] }, diff --git a/2021/20xxx/CVE-2021-20322.json b/2021/20xxx/CVE-2021-20322.json index 0da78fcb77d..cf183acd5ef 100644 --- a/2021/20xxx/CVE-2021-20322.json +++ b/2021/20xxx/CVE-2021-20322.json @@ -69,11 +69,6 @@ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20220303-0002/", - "url": "https://security.netapp.com/advisory/ntap-20220303-0002/" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", @@ -85,7 +80,14 @@ "url": "https://www.debian.org/security/2022/dsa-5096" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20220303-0002/", + "url": "https://security.netapp.com/advisory/ntap-20220303-0002/" } ] }, diff --git a/2021/21xxx/CVE-2021-21781.json b/2021/21xxx/CVE-2021-21781.json index 227937c5746..c178b342d52 100644 --- a/2021/21xxx/CVE-2021-21781.json +++ b/2021/21xxx/CVE-2021-21781.json @@ -50,7 +50,9 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2021/22xxx/CVE-2021-22118.json b/2021/22xxx/CVE-2021-22118.json index ec141cf073d..f02f47cb3b1 100644 --- a/2021/22xxx/CVE-2021-22118.json +++ b/2021/22xxx/CVE-2021-22118.json @@ -75,7 +75,9 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2021/22xxx/CVE-2021-22119.json b/2021/22xxx/CVE-2021-22119.json index e84e582f72d..60b2b211335 100644 --- a/2021/22xxx/CVE-2021-22119.json +++ b/2021/22xxx/CVE-2021-22119.json @@ -85,7 +85,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + "url": "https://www.oracle.com/security-alerts/cpujul2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, diff --git a/2022/22xxx/CVE-2022-22999.json b/2022/22xxx/CVE-2022-22999.json index 33171602a3f..08b85426d04 100644 --- a/2022/22xxx/CVE-2022-22999.json +++ b/2022/22xxx/CVE-2022-22999.json @@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting Vulnerability in USB Backups App" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<", + "version_name": "My Cloud OS 5", + "version_value": "5.23.114" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114", + "name": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23000.json b/2022/23xxx/CVE-2022-23000.json index 494bee57e99..fc14e4710ca 100644 --- a/2022/23xxx/CVE-2022-23000.json +++ b/2022/23xxx/CVE-2022-23000.json @@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-23000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Weak Default SSL use in Port Forwarding Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<", + "version_name": "My Cloud OS 5", + "version_value": "5.23.114" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an \"SSL\" context instead of \"TLS\" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114", + "name": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2077.json b/2022/2xxx/CVE-2022-2077.json index 696ff0a1bcc..2158b3ff962 100644 --- a/2022/2xxx/CVE-2022-2077.json +++ b/2022/2xxx/CVE-2022-2077.json @@ -4,84 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2077", - "TITLE": "Microsoft O365 Conditional Access Policy access control", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "secure@microsoft.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Microsoft", - "product": { - "product_data": [ - { - "product_name": "O365", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Controls" - } - ] - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue." - } - ] - }, - "credit": "Lukas Reiter/Alexander Hagenah", - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "5.0", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation", - "refsource": "MISC", - "name": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation" - }, - { - "url": "https://www.mandiant.com/resources/russian-targeting-gov-business", - "refsource": "MISC", - "name": "https://www.mandiant.com/resources/russian-targeting-gov-business" - }, - { - "url": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Conditional-Access-Bypass-via-Session-Hijacking-in-Microsoft-O365", - "refsource": "MISC", - "name": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Conditional-Access-Bypass-via-Session-Hijacking-in-Microsoft-O365" - }, - { - "url": "https://vuldb.com/?id.192029", - "refsource": "MISC", - "name": "https://vuldb.com/?id.192029" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/34xxx/CVE-2022-34966.json b/2022/34xxx/CVE-2022-34966.json index 32069b652a7..71eedbba671 100644 --- a/2022/34xxx/CVE-2022-34966.json +++ b/2022/34xxx/CVE-2022-34966.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-34966", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-34966", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.opensource-socialnetwork.org/", + "refsource": "MISC", + "name": "https://www.opensource-socialnetwork.org/" + }, + { + "url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3", + "refsource": "MISC", + "name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3" + }, + { + "url": "https://www.openteknik.com/contact?channel=ossn", + "refsource": "MISC", + "name": "https://www.openteknik.com/contact?channel=ossn" + }, + { + "refsource": "MISC", + "name": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6", + "url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6" } ] } diff --git a/2022/35xxx/CVE-2022-35869.json b/2022/35xxx/CVE-2022-35869.json index e042de5eafd..8d0bfa044c3 100644 --- a/2022/35xxx/CVE-2022-35869.json +++ b/2022/35xxx/CVE-2022-35869.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2022-35869", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Ignition", - "version": { - "version_data": [ - { - "version_value": "8.1.15 (b2022030114)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ignition", + "version": { + "version_data": [ + { + "version_value": "8.1.15 (b2022030114)" + } + ] + } + } + ] + }, + "vendor_name": "Inductive Automation" } - } ] - }, - "vendor_name": "Inductive Automation" } - ] - } - }, - "credit": "@_s_n_t of @pentestltd", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel" - } + }, + "credit": "@_s_n_t of @pentestltd", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/" - }, - { - "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/" + }, + { + "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities", + "refsource": "MISC", + "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35870.json b/2022/35xxx/CVE-2022-35870.json index 9320c6aa46e..16d5d51ac4b 100644 --- a/2022/35xxx/CVE-2022-35870.json +++ b/2022/35xxx/CVE-2022-35870.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2022-35870", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Ignition", - "version": { - "version_data": [ - { - "version_value": "8.1.15 (b2022030114)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ignition", + "version": { + "version_data": [ + { + "version_value": "8.1.15 (b2022030114)" + } + ] + } + } + ] + }, + "vendor_name": "Inductive Automation" } - } ] - }, - "vendor_name": "Inductive Automation" } - ] - } - }, - "credit": "@_s_n_t of @pentestltd", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502: Deserialization of Untrusted Data" - } + }, + "credit": "@_s_n_t of @pentestltd", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/" - }, - { - "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities", + "refsource": "MISC", + "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35871.json b/2022/35xxx/CVE-2022-35871.json index 43068991d1d..3becad92aa2 100644 --- a/2022/35xxx/CVE-2022-35871.json +++ b/2022/35xxx/CVE-2022-35871.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2022-35871", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Ignition", - "version": { - "version_data": [ - { - "version_value": "8.1.15 (b2022030114)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ignition", + "version": { + "version_data": [ + { + "version_value": "8.1.15 (b2022030114)" + } + ] + } + } + ] + }, + "vendor_name": "Inductive Automation" } - } ] - }, - "vendor_name": "Inductive Automation" } - ] - } - }, - "credit": "Daan Keuper & Thijs Alkemade from Computest", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-306: Missing Authentication for Critical Function" - } + }, + "credit": "Daan Keuper & Thijs Alkemade from Computest", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/" - }, - { - "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities", + "refsource": "MISC", + "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35872.json b/2022/35xxx/CVE-2022-35872.json index 56429f4e3f3..4b8c73d248a 100644 --- a/2022/35xxx/CVE-2022-35872.json +++ b/2022/35xxx/CVE-2022-35872.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2022-35872", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Ignition", - "version": { - "version_data": [ - { - "version_value": "8.1.15 (b2022030114)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ignition", + "version": { + "version_data": [ + { + "version_value": "8.1.15 (b2022030114)" + } + ] + } + } + ] + }, + "vendor_name": "Inductive Automation" } - } ] - }, - "vendor_name": "Inductive Automation" } - ] - } - }, - "credit": "Piotr Bazydlo (@chudypb)", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502: Deserialization of Untrusted Data" - } + }, + "credit": "Piotr Bazydlo (@chudypb)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/" - }, - { - "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities", + "refsource": "MISC", + "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35873.json b/2022/35xxx/CVE-2022-35873.json index 01237a963da..39905f3eb1c 100644 --- a/2022/35xxx/CVE-2022-35873.json +++ b/2022/35xxx/CVE-2022-35873.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2022-35873", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Ignition", - "version": { - "version_data": [ - { - "version_value": "8.1.15 (b2022030114)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2022-35873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ignition", + "version": { + "version_data": [ + { + "version_value": "8.1.15 (b2022030114)" + } + ] + } + } + ] + }, + "vendor_name": "Inductive Automation" } - } ] - }, - "vendor_name": "Inductive Automation" } - ] - } - }, - "credit": "20urdjk", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" - } + }, + "credit": "20urdjk", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/" - }, - { - "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities", + "refsource": "MISC", + "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file