diff --git a/2022/23xxx/CVE-2022-23471.json b/2022/23xxx/CVE-2022-23471.json
index 0e451a48fac..444ebcf0205 100644
--- a/2022/23xxx/CVE-2022-23471.json
+++ b/2022/23xxx/CVE-2022-23471.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23471",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "containerd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "containerd",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 1.5.16",
+ "version_affected": "="
+ },
+ {
+ "version_value": ">= 1.6.0, < 1.6.12",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9",
+ "refsource": "MISC",
+ "name": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9"
+ },
+ {
+ "url": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0",
+ "refsource": "MISC",
+ "name": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2qjp-425j-52j9",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/2xxx/CVE-2022-2002.json b/2022/2xxx/CVE-2022-2002.json
index d6d11f08dd6..8478c64fe46 100644
--- a/2022/2xxx/CVE-2022-2002.json
+++ b/2022/2xxx/CVE-2022-2002.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2002",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-822 Untrusted Pointer Dereference",
+ "cweId": "CWE-822"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CIMPLICITY",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide (login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView.
For more information about this issue, see the GE Digital Product Security Advisory (login required).
For further questions, users should contact GE.
\n\n
"
+ }
+ ],
+ "value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/2xxx/CVE-2022-2948.json b/2022/2xxx/CVE-2022-2948.json
index a3dcb220593..3aa408369b0 100644
--- a/2022/2xxx/CVE-2022-2948.json
+++ b/2022/2xxx/CVE-2022-2948.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2948",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CIMPLICITY",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide (login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView.
For more information about this issue, see the GE Digital Product Security Advisory (login required).
For further questions, users should contact GE.
\n\n
"
+ }
+ ],
+ "value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/2xxx/CVE-2022-2952.json b/2022/2xxx/CVE-2022-2952.json
index 84727f6de5c..bcc75ff3b89 100644
--- a/2022/2xxx/CVE-2022-2952.json
+++ b/2022/2xxx/CVE-2022-2952.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2952",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-824 Access of Uninitialized Pointer",
+ "cweId": "CWE-824"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CIMPLICITY",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide (login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView.
For more information about this issue, see the GE Digital Product Security Advisory (login required).
For further questions, users should contact GE.
\n\n
"
+ }
+ ],
+ "value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/4xxx/CVE-2022-4342.json b/2022/4xxx/CVE-2022-4342.json
new file mode 100644
index 00000000000..a9bce1d51b4
--- /dev/null
+++ b/2022/4xxx/CVE-2022-4342.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-4342",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file