admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-07 23:00:35 +00:00
parent aec04f47bd
commit f7d6d50bb3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 378 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2022/23xxx/CVE-2022-23471.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23471",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "containerd",
"product": {
"product_data": [
{
"product_name": "containerd",
"version": {
"version_data": [
{
"version_value": "< 1.5.16",
"version_affected": "="
},
{
"version_value": ">= 1.6.0, < 1.6.12",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9",
"refsource": "MISC",
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9"
},
{
"url": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0",
"refsource": "MISC",
"name": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0"
}
]
},
"source": {
"advisory": "GHSA-2qjp-425j-52j9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

97
2022/2xxx/CVE-2022-2002.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822 Untrusted Pointer Dereference",
"cweId": "CWE-822"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "CIMPLICITY",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>GE recommends users refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\">CIMPLICITY Secure Deployment Guide</a>&nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. </p><p>For more information about this issue, see the GE Digital Product <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\">Security Advisory</a>&nbsp;(login required). </p><p>For further questions, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\">GE</a>. </p>\n\n<br>"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2022/2xxx/CVE-2022-2948.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "CIMPLICITY",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>GE recommends users refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\">CIMPLICITY Secure Deployment Guide</a>&nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. </p><p>For more information about this issue, see the GE Digital Product <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\">Security Advisory</a>&nbsp;(login required). </p><p>For further questions, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\">GE</a>. </p>\n\n<br>"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2022/2xxx/CVE-2022-2952.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer",
"cweId": "CWE-824"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "CIMPLICITY",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>GE recommends users refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\">CIMPLICITY Secure Deployment Guide</a>&nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. </p><p>For more information about this issue, see the GE Digital Product <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\">Security Advisory</a>&nbsp;(login required). </p><p>For further questions, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\">GE</a>. </p>\n\n<br>"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2022/4xxx/CVE-2022-4342.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}