diff --git a/2021/38xxx/CVE-2021-38924.json b/2021/38xxx/CVE-2021-38924.json
index 6cce05aacaf..ffd0addf741 100644
--- a/2021/38xxx/CVE-2021-38924.json
+++ b/2021/38xxx/CVE-2021-38924.json
@@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.6.1.1" - }, - { - "version_value" : "7.6.1.2" - } - ] - }, - "product_name" : "Maximo Asset Management" - } - ] - } - } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-38924", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2022-09-13T00:00:00", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "C" : "L", - "UI" : "N", - "AV" : "N", - "I" : "N", - "AC" : "L", - "S" : "U", - "SCORE" : "5.300", - "PR" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.6.1.1" + }, + { + "version_value": "7.6.1.2" + } + ] + }, + "product_name": "Maximo Asset Management" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6620059", - "url" : "https://www.ibm.com/support/pages/node/6620059", - "title" : "IBM Security Bulletin 6620059 (Maximo Asset Management)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-maximo-cve202138924-info-disc (210163)", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/210163", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - } -} + } + }, + "CVE_data_meta": { + "ID": "CVE-2021-38924", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2022-09-13T00:00:00", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "A": "N", + "C": "L", + "UI": "N", + "AV": "N", + "I": "N", + "AC": "L", + "S": "U", + "SCORE": "5.300", + "PR": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6620059", + "url": "https://www.ibm.com/support/pages/node/6620059", + "title": "IBM Security Bulletin 6620059 (Maximo Asset Management)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-maximo-cve202138924-info-disc (210163)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0029.json b/2022/0xxx/CVE-2022-0029.json index b16a5206bbc..f462ea01eeb 100644 --- a/2022/0xxx/CVE-2022-0029.json +++ b/2022/0xxx/CVE-2022-0029.json 
@@ -67,7 +67,7 @@
 "credit": [
 {
 "lang": "eng",
- "value": "Palo Alto Networks thanks Diego GarcĂ­a of INCIDE for discovering and reporting this issue."
+ "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
 }
 ],
 "data_format": "MITRE",
@@ -121,8 +121,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
+ "refsource": "MISC",
+ "url": "https://security.paloaltonetworks.com/CVE-2022-0029",
+ "name": "https://security.paloaltonetworks.com/CVE-2022-0029"
 }
 ]
 },
diff --git a/2022/33xxx/CVE-2022-33733.json b/2022/33xxx/CVE-2022-33733.json
index 9460a5b8c0b..229b50de4ee 100644
--- a/2022/33xxx/CVE-2022-33733.json
+++ b/2022/33xxx/CVE-2022-33733.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/33xxx/CVE-2022-33734.json b/2022/33xxx/CVE-2022-33734.json
index 3b33b369a25..ceb225d8019 100644
--- a/2022/33xxx/CVE-2022-33734.json
+++ b/2022/33xxx/CVE-2022-33734.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36829.json b/2022/36xxx/CVE-2022-36829.json
index 488d9da84f3..030709ef6fb 100644
--- a/2022/36xxx/CVE-2022-36829.json
+++ b/2022/36xxx/CVE-2022-36829.json
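Review bot: The second hunk of CVE-2022-0029.json retags the vendor's own advisory at security.paloaltonetworks.com from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, so a consumer that picks out vendor-confirmed references by that tag will no longer find one in this record. If this is a deliberate format normalisation, it is fine as written; otherwise keep `"refsource": "CONFIRM"` and add only the new `"name"` field. The same retag is applied to both references in CVE-2022-3212.json.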
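Review bot: The reference with `year==2022` in its query string stays in `reference_data` as context in CVE-2022-33733.json, and the corrected `year=2022` entry is appended as a second object beside it. The record therefore lists the same bulletin twice, once with what looks like a typo in the URL, and tools that fetch or validate reference URLs will still process the malformed one. Unless the old entry is retained on purpose, correcting its `"url"` and `"name"` in place would be cleaner than adding a duplicate. The same pattern repeats in CVE-2022-33734.json and in CVE-2022-36829.json through CVE-2022-36840.json.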
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36830.json b/2022/36xxx/CVE-2022-36830.json
index 6964c371888..f5738a40a2b 100644
--- a/2022/36xxx/CVE-2022-36830.json
+++ b/2022/36xxx/CVE-2022-36830.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36831.json b/2022/36xxx/CVE-2022-36831.json
index cf927f4f50b..76862f1e358 100644
--- a/2022/36xxx/CVE-2022-36831.json
+++ b/2022/36xxx/CVE-2022-36831.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36832.json b/2022/36xxx/CVE-2022-36832.json
index de1121d3589..29bd5c2efd7 100644
--- a/2022/36xxx/CVE-2022-36832.json
+++ b/2022/36xxx/CVE-2022-36832.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36833.json b/2022/36xxx/CVE-2022-36833.json
index 05837553071..009d6160ded 100644
--- a/2022/36xxx/CVE-2022-36833.json
+++ b/2022/36xxx/CVE-2022-36833.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36834.json b/2022/36xxx/CVE-2022-36834.json
index 2d420ce8d13..cfd47bb036b 100644
--- a/2022/36xxx/CVE-2022-36834.json
+++ b/2022/36xxx/CVE-2022-36834.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36835.json b/2022/36xxx/CVE-2022-36835.json
index 915134abb03..2f95bddf8f7 100644
--- a/2022/36xxx/CVE-2022-36835.json
+++ b/2022/36xxx/CVE-2022-36835.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36836.json b/2022/36xxx/CVE-2022-36836.json
index 487f23ebbff..7a3a5c9412d 100644
--- a/2022/36xxx/CVE-2022-36836.json
+++ b/2022/36xxx/CVE-2022-36836.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36837.json b/2022/36xxx/CVE-2022-36837.json
index 9a4ccd4cf50..f778a7f2e89 100644
--- a/2022/36xxx/CVE-2022-36837.json
+++ b/2022/36xxx/CVE-2022-36837.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36838.json b/2022/36xxx/CVE-2022-36838.json
index c5a2f795ea6..c14a1d18fb2 100644
--- a/2022/36xxx/CVE-2022-36838.json
+++ b/2022/36xxx/CVE-2022-36838.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36839.json b/2022/36xxx/CVE-2022-36839.json
index b11603a74ea..65b4ece19dd 100644
--- a/2022/36xxx/CVE-2022-36839.json
+++ b/2022/36xxx/CVE-2022-36839.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36840.json b/2022/36xxx/CVE-2022-36840.json
index cb0ddb123c5..bf39ecd5ea8 100644
--- a/2022/36xxx/CVE-2022-36840.json
+++ b/2022/36xxx/CVE-2022-36840.json
@@ -74,6 +74,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3212.json b/2022/3xxx/CVE-2022-3212.json
index 5badce95e61..e582a6362cb 100644
--- a/2022/3xxx/CVE-2022-3212.json
+++ b/2022/3xxx/CVE-2022-3212.json
@@ -1,91 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3212", - "ASSIGNER": "security@jfrog.com", - "TITLE": "DoS in axum-core due to missing request size limit", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "tokio-rs", - "product": { - "product_data": [ - { - "product_name": "axum-core", - "version": { - "version_data": [ - { - "version_name": "", - "version_affected": "<", - "version_value": "0.2.8", - "platform": "" - }, - { - "version_name": "", - "version_affected": "=", - "version_value": "0.3.0-rc.1", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3212", + "ASSIGNER": "security@jfrog.com", + "TITLE": "DoS in axum-core due to missing request size limit", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tokio-rs", + "product": { + "product_data": [ + { + "product_name": "axum-core", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "0.2.8", + "platform": "" + }, + { + "version_name": "", + "version_affected": "=", + "version_value": "0.3.0-rc.1", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-770 Allocation of Resources Without Limits or Throttling" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "::from_request would not, by default, set a limit for the size of the request body. 
That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash.\nThis also applies to these extractors which used Bytes::from_request internally:\naxum::extract::Form\naxum::extract::Json\nString" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://research.jfrog.com/vulnerabilities/axum-core-dos/" - }, - { - "refsource": "CONFIRM", - "url": "https://rustsec.org/advisories/RUSTSEC-2022-0055.html" - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "baseScore": 7.5, - "baseSeverity": "HIGH" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. 
This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://research.jfrog.com/vulnerabilities/axum-core-dos/", + "name": "https://research.jfrog.com/vulnerabilities/axum-core-dos/" + }, + { + "refsource": "MISC", + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0055.html", + "name": "https://rustsec.org/advisories/RUSTSEC-2022-0055.html" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } } - } } \ No newline at end of file
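Review bot: On the new side of CVE-2022-3212.json the `description` value appears to drop the `\n` separators that the old value had, so the list of affected extractors now reads as one run, `axum::extract::Form axum::extract::Json String`. Readers and downstream advisories that quote this text can no longer tell where one affected API name ends and the next begins. Keeping the `\n` escapes, or separating the names explicitly as in `axum::extract::Form, axum::extract::Json, String`, would preserve the list. This is read from the collapsed rendering of the hunk, so check it against the stored value.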