An automatic update to version 6.2.21.155 fixes the issue.
" + } + ], + "value": "An automatic update to version 6.2.21.155 fixes the issue.\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3671.json b/2021/3xxx/CVE-2021-3671.json index 8f1734c48af6..11d848841dd9 100644 --- a/2021/3xxx/CVE-2021-3671.json +++ b/2021/3xxx/CVE-2021-3671.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0002/" } ] }, diff --git a/2021/3xxx/CVE-2021-3759.json b/2021/3xxx/CVE-2021-3759.json index c4341143f770..5bfd89ce1bcc 100644 --- a/2021/3xxx/CVE-2021-3759.json +++ b/2021/3xxx/CVE-2021-3759.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/", "url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ] }, diff --git a/2021/3xxx/CVE-2021-3966.json b/2021/3xxx/CVE-2021-3966.json index c0125653cca9..081f6040059e 100644 --- a/2021/3xxx/CVE-2021-3966.json +++ b/2021/3xxx/CVE-2021-3966.json 
@@ -4,15 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2022-02-16T00:00:00.000Z", + "STATE": "PUBLIC", + "TITLE": "Usb bluetooth device ACL read cb buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "v3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem." 
+ } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", + "attackVector": "Adjacent", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m" + } + ] + }, + "source": { + "defect": [ + "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m" + ] } -} \ No newline at end of file +} diff --git a/2021/40xxx/CVE-2021-40341.json b/2021/40xxx/CVE-2021-40341.json index 5bb426b5d098..64d8549d64b0 100644 --- a/2021/40xxx/CVE-2021-40341.json +++ b/2021/40xxx/CVE-2021-40341.json 
@@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. 
List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } 
+ }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "=" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\nDisable internet-facing NTLM endpoints, e.g. internal_windows_authentication, to avoid domain enumeration.
" + } + ] } ], "solution": [ { "lang": "en", - "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher." + "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher.\n\n", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher.
" + } + ] } ], "credits": [ @@ -99,18 +113,18 @@ "impact": { "cvss": [ { - "attackComplexity": "LOW", + "version": "3.1", "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", + "attackComplexity": "LOW", "privilegesRequired": "NONE", - "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2022/0xxx/CVE-2022-0566.json b/2022/0xxx/CVE-2022-0566.json index 5bb707791f91..ec9b3a5b09ee 100644 --- a/2022/0xxx/CVE-2022-0566.json +++ b/2022/0xxx/CVE-2022-0566.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Crafted email could trigger an out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-07/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1." } ] } diff --git a/2022/0xxx/CVE-2022-0668.json b/2022/0xxx/CVE-2022-0668.json index c099d2b493e6..6f7f19e19c23 100644 --- a/2022/0xxx/CVE-2022-0668.json +++ b/2022/0xxx/CVE-2022-0668.json 
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-0668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0668", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "JFrog Artifactory", + "version": { + "version_data": [ + { + "version_name": "JFrog Artifactory versions before 7.x", + "version_affected": "<", + "version_value": "7.37.13", + "platform": "" + }, + { + "version_name": "JFrog Artifactory versions before 6.x", + "version_affected": "<", + "version_value": "6.23.41", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-274 Improper Handling of Insufficient Privileges" + } ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } -} \ No newline at end of file + } +} diff --git a/2022/0xxx/CVE-2022-0730.json b/2022/0xxx/CVE-2022-0730.json index eb2a875a1ec4..9446f20ff7a6 100644 --- a/2022/0xxx/CVE-2022-0730.json +++ b/2022/0xxx/CVE-2022-0730.json @@ -73,6 +73,11 @@ "refsource": "DEBIAN", "name": "DSA-5298", "url": "https://www.debian.org/security/2022/dsa-5298" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0801.json b/2022/0xxx/CVE-2022-0801.json index b3a1482b35c5..a929307305fc 100644 --- a/2022/0xxx/CVE-2022-0801.json +++ b/2022/0xxx/CVE-2022-0801.json 
@@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "99.0.4844.51", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1231037", + "refsource": "MISC", + "name": "https://crbug.com/1231037" } ] } diff --git a/2022/0xxx/CVE-2022-0843.json b/2022/0xxx/CVE-2022-0843.json index 0758a17d6302..4c9cd20b1338 100644 --- a/2022/0xxx/CVE-2022-0843.json +++ b/2022/0xxx/CVE-2022-0843.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "98", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 98" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-10/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-10/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98." } ] } diff --git a/2022/0xxx/CVE-2022-0865.json b/2022/0xxx/CVE-2022-0865.json index 9e2d8a0fe448..cc43baa46f8a 100644 --- a/2022/0xxx/CVE-2022-0865.json 
+++ b/2022/0xxx/CVE-2022-0865.json @@ -78,6 +78,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/0xxx/CVE-2022-0891.json b/2022/0xxx/CVE-2022-0891.json index ef8c5ea46fd9..b3e86ba9d824 100644 --- a/2022/0xxx/CVE-2022-0891.json +++ b/2022/0xxx/CVE-2022-0891.json @@ -83,6 +83,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/0xxx/CVE-2022-0918.json b/2022/0xxx/CVE-2022-0918.json index 928621b29282..8176d375b56c 100644 --- a/2022/0xxx/CVE-2022-0918.json +++ b/2022/0xxx/CVE-2022-0918.json @@ -1,12 +1,32 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0918", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ 
@@ -19,7 +39,8 @@ "version": { "version_data": [ { - "version_value": "1.4" + "version_value": "1.4", + "version_affected": "=" } ] } @@ -30,38 +51,29 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Uncontrolled Resource Consumption" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815" }, { + "url": "https://access.redhat.com/security/cve/CVE-2022-0918", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2022-0918", - "url": "https://access.redhat.com/security/cve/CVE-2022-0918" - } - ] - }, - "description": { - "description_data": [ + "name": "https://access.redhat.com/security/cve/CVE-2022-0918" + }, { - "lang": "eng", - "value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing." + "url": "https://github.com/389ds/389-ds-base/issues/5242", + "refsource": "MISC", + "name": "https://github.com/389ds/389-ds-base/issues/5242" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1056.json b/2022/1xxx/CVE-2022-1056.json index 4408b665efcc..3ec188cf3feb 100644 --- a/2022/1xxx/CVE-2022-1056.json +++ b/2022/1xxx/CVE-2022-1056.json 
@@ -63,6 +63,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/1xxx/CVE-2022-1097.json b/2022/1xxx/CVE-2022-1097.json index 235ec9f67a1f..6611d358a6dd 100644 --- a/2022/1xxx/CVE-2022-1097.json +++ b/2022/1xxx/CVE-2022-1097.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "99", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in NSSToken objects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-14/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NSSToken
objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8."
}
]
}
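Review bot: In the new description value for CVE-2022-1097, "referenced via direct points" reads like a typo for "direct pointers" and should be corrected before the record is published. The added problemtype entry, "Use-after-free in NSSToken objects", is free text with no cweId; consider recording it as CWE-416 with a "cweId" field, the way the VulDB records in this same patch do, so the entry can be filtered by weakness class.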
diff --git a/2022/1xxx/CVE-2022-1101.json b/2022/1xxx/CVE-2022-1101.json
index 7409570f51a3..512b60ac9d53 100644
--- a/2022/1xxx/CVE-2022-1101.json
+++ b/2022/1xxx/CVE-2022-1101.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1101",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in SourceCodester Royale Event Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /royal_event/userregister.php. Durch das Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Royale Event Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.195785",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.195785"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.195785",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.195785"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "mrempy (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseSeverity": "HIGH"
}
]
}
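Review bot: The English description added for CVE-2022-1101 says the issue "has been rated as critical", but every entry in the cvss array of this hunk carries "baseSeverity": "HIGH" (7.3 under 3.1 and 3.0, 7.5 under 2.0). Either drop the rating wording from the description or say whose classification it is, so a reader who triages on the description alone does not reach a different severity than the scores give. The three cvss entries also carry only version, baseScore, vectorString and baseSeverity, while other records in this patch expand the vector into individual metric fields; worth keeping one shape.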
diff --git a/2022/1xxx/CVE-2022-1102.json b/2022/1xxx/CVE-2022-1102.json
index 2acafbf92db4..3eaa5e21d966 100644
--- a/2022/1xxx/CVE-2022-1102.json
+++ b/2022/1xxx/CVE-2022-1102.json
@@ -1,17 +1,105 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1102",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in SourceCodester Royale Event Management System 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /royal_event/companyprofile.php. Durch Manipulieren des Arguments companyname/regno/companyaddress/companyemail mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Royale Event Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.195786",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.195786"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.195786",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.195786"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "mrempy (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
}
]
}
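Review bot: The third reference added for CVE-2022-1102 ends in a stray "?" in both "url" and "name" (".../event-management-system-project-php-source-code.html?"); strip it so the link de-duplicates against the same URL in other records. In the description, "the argument companyname/regno/companyaddress/companyemail" can be read as a single path-like parameter; listing the four arguments separately would make clear which inputs need output encoding. Minor: the 2.0 entry has "baseScore": 5 as an integer while the other scores are written with a decimal.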
diff --git a/2022/1xxx/CVE-2022-1196.json b/2022/1xxx/CVE-2022-1196.json
index 431b434fd2ce..215bfddee251 100644
--- a/2022/1xxx/CVE-2022-1196.json
+++ b/2022/1xxx/CVE-2022-1196.json
@@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1196",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.8",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.8",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free after VR Process destruction"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-14/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750679",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750679"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8."
}
]
}
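Review bot: the problemtype added here is free text only ("Use-after-free after VR Process destruction") with no CWE identifier, so tooling that groups records by weakness class cannot classify it. CWE-416 (Use After Free) matches the description and could be carried in the value or in a "cweId" field. The record also gains no "impact" block, so consumers get no severity for an issue the description calls a "potentially exploitable crash".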
diff --git a/2022/1xxx/CVE-2022-1197.json b/2022/1xxx/CVE-2022-1197.json
index 7ea970a38f77..44ab4378e3a4 100644
--- a/2022/1xxx/CVE-2022-1197.json
+++ b/2022/1xxx/CVE-2022-1197.json
@@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1197",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.8",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OpenPGP revocation information was ignored"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1754985",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1754985"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8."
}
]
}
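Review bot: the problemtype text "OpenPGP revocation information was ignored" is broader than the description, which limits the bug to imported revocations that give key compromise as the reason and states that other or unspecified reasons were unaffected. Narrow the problemtype wording to the key-compromise case so a reader scanning problemtypes does not conclude that all revocations were ignored. As published, the entry has no CWE identifier and no "impact" block.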
diff --git a/2022/1xxx/CVE-2022-1199.json b/2022/1xxx/CVE-2022-1199.json
index 381bad53d1c8..c69537152fd9 100644
--- a/2022/1xxx/CVE-2022-1199.json
+++ b/2022/1xxx/CVE-2022-1199.json
@@ -73,6 +73,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1199",
"url": "https://access.redhat.com/security/cve/CVE-2022-1199"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20221228-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20221228-0006/"
}
]
},
diff --git a/2022/1xxx/CVE-2022-1401.json b/2022/1xxx/CVE-2022-1401.json
index 060381a0d62d..f669947e5a50 100644
--- a/2022/1xxx/CVE-2022-1401.json
+++ b/2022/1xxx/CVE-2022-1401.json
@@ -1,15 +1,38 @@
{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
"CVE_data_meta": {
- "ASSIGNER": "cve-requests@bitdefender.com",
- "DATE_PUBLIC": "2022-08-16T19:00:00.000Z",
"ID": "CVE-2022-1401",
- "STATE": "PUBLIC",
- "TITLE": "Insufficient validation of provided paths in Exago WrImageResource.axd"
+ "ASSIGNER": "cve-requests@bitdefender.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863 Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
},
"affects": {
"vendor": {
"vendor_data": [
{
+ "vendor_name": "Device42",
"product": {
"product_data": [
{
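Review bot: the description added in this hunk names the route "/Exago/WrImageResource.adx", while the TITLE line it removes spelled it "WrImageResource.axd". One of the two is a typo, and with TITLE dropped the record keeps only the ".adx" spelling, so anyone searching logs or rules for the route from this record may look for the wrong path; confirm the extension and restore TITLE and DATE_PUBLIC, which are deleted here without replacement. The new problemtype is also "CWE-863 Incorrect Authorization" while the description still opens with "Improper Access Control vulnerability"; pick one classification and use it in both places. Since the description says "versions prior to 18.01.00", the version data in the rest of the record should express that same bound.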
@@ -17,95 +40,80 @@
"version": {
"version_data": [
{
- "version_affected": "<",
- "version_value": "18.01.00"
+ "version_value": "unspecified",
+ "version_affected": "="
}
]
}
}
]
- },
- "vendor_name": "Device42"
+ }
}
]
}
},
- "credit": [
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/",
+ "refsource": "MISC",
+ "name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
{
- "lang": "eng",
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "An update to Device42 CMDB version 18.01.00 fixes the issue.
" + } + ], + "value": "An update to Device42 CMDB version 18.01.00 fixes the issue.\n\n" + } + ], + "credits": [ + { + "lang": "en", "value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Ionu\u021b LALU - Security Engineer @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Cristian BUZA - Security Engineer @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ + "cvss": [ { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } - ] + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" } ] - }, - "references": { - "reference_data": [ - { - 
"refsource": "MISC", - "url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/", - "name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "An update to Device42 CMDB version 18.01.00 fixes the issue." - } - ], - "source": { - "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1471.json b/2022/1xxx/CVE-2022-1471.json index ba06054f09e9..9a81fc1e3551 100644 --- a/2022/1xxx/CVE-2022-1471.json +++ b/2022/1xxx/CVE-2022-1471.json @@ -58,6 +58,21 @@ "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "refsource": "MISC", "name": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" + }, + { + "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479", + "refsource": "MISC", + "name": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479" + }, + { + "url": "https://github.com/mbechler/marshalsec", + "refsource": "MISC", + "name": "https://github.com/mbechler/marshalsec" + }, + { + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" } ] }, diff --git a/2022/1xxx/CVE-2022-1520.json b/2022/1xxx/CVE-2022-1520.json index 0650238fe457..8ea9a999ad93 100644 --- a/2022/1xxx/CVE-2022-1520.json +++ b/2022/1xxx/CVE-2022-1520.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect security status shown after viewing an attached email" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-18/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-18/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745019", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745019" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9." } ] } diff --git a/2022/1xxx/CVE-2022-1529.json b/2022/1xxx/CVE-2022-1529.json index 9ae7eecd80f7..a090076b2d58 100644 --- a/2022/1xxx/CVE-2022-1529.json +++ b/2022/1xxx/CVE-2022-1529.json 
@@ -4,14 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "100.0.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox for Android", + "version": { + "version_data": [ + { + "version_value": "100.3.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted input used in JavaScript object indexing, leading to prototype pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-19/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-19/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770048", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770048" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1." } ] } diff --git a/2022/1xxx/CVE-2022-1705.json b/2022/1xxx/CVE-2022-1705.json index defd46e2ac5c..de102ed0b5d1 100644 --- a/2022/1xxx/CVE-2022-1705.json +++ b/2022/1xxx/CVE-2022-1705.json @@ -1,16 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@golang.org", "ID": "CVE-2022-1705", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Go standard library", "product": { "product_data": [ { 
@@ -18,47 +39,22 @@ "version": { "version_data": [ { - "version_value": "1.17.12", - "version_affected": "<" + "version_value": "0", + "version_affected": "=" }, { "version_value": "1.18.0", - "version_affected": ">=" - }, - { - "version_value": "1.18.4", - "version_affected": "<" + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Go" + } } ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" - } - ] - } - ] - }, "references": { "reference_data": [ { @@ -90,17 +86,12 @@ "url": "https://go.dev/cl/410714", "refsource": "MISC", "name": "https://go.dev/cl/410714" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-30c5ed5625", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ] }, - "credit": [ + "credits": [ { - "lang": "eng", + "lang": "en", "value": "Zeyu Zhang (https://www.zeyu2001.com/)" } ] diff --git a/2022/1xxx/CVE-2022-1802.json b/2022/1xxx/CVE-2022-1802.json index d02eb7554be1..23e38705a680 100644 --- a/2022/1xxx/CVE-2022-1802.json +++ b/2022/1xxx/CVE-2022-1802.json 
@@ -4,14 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "100.0.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox for Android", + "version": { + "version_data": [ + { + "version_value": "100.3.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype pollution in Top-Level Await implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-19/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-19/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770137", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770137" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1." } ] } diff --git a/2022/1xxx/CVE-2022-1834.json b/2022/1xxx/CVE-2022-1834.json index 223094ac3ab3..f2f57ad17145 100644 --- a/2022/1xxx/CVE-2022-1834.json +++ b/2022/1xxx/CVE-2022-1834.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.10", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Braille space character caused incorrect sender email to be shown for a digitally signed email" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-22/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767816", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767816" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. 
Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10." } ] } diff --git a/2022/1xxx/CVE-2022-1887.json b/2022/1xxx/CVE-2022-1887.json index e7e808314394..35d8fee4cdd8 100644 --- a/2022/1xxx/CVE-2022-1887.json +++ b/2022/1xxx/CVE-2022-1887.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox for iOS", + "version": { + "version_data": [ + { + "version_value": "101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection in history tab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101." } ] } 
diff --git a/2022/1xxx/CVE-2022-1941.json b/2022/1xxx/CVE-2022-1941.json index b26a494b2a84..1127296f501d 100644 --- a/2022/1xxx/CVE-2022-1941.json +++ b/2022/1xxx/CVE-2022-1941.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS", "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-25f35ed634", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" } ] }, diff --git a/2022/1xxx/CVE-2022-1958.json b/2022/1xxx/CVE-2022-1958.json index 1dde4ec53b57..6b2055c1fbb9 100644 --- a/2022/1xxx/CVE-2022-1958.json +++ b/2022/1xxx/CVE-2022-1958.json 
@@ -1,20 +1,42 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1958", - "TITLE": "FileCloud NTFS access control", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, - "generator": "vuldb.com", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in FileCloud entdeckt. Es betrifft eine unbekannte Funktion der Komponente NTFS Handler. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 21.3.5.18513 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "", + "vendor_name": "n/a", "product": { "product_data": [ { @@ -22,7 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "n/a", + "version_affected": "=" } ] } 
@@ -33,34 +56,6 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Controls" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component." - } - ] - }, - "credit": "Andrea Hauser/Ralph Meier", - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "6.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" - } - }, "references": { "reference_data": [ { @@ -77,6 +72,37 @@ "url": "https://www.scip.ch/?news.20220615", "refsource": "MISC", "name": "https://www.scip.ch/?news.20220615" + }, + { + "url": "https://vuldb.com/?ctiid.201960", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.201960" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Hauser" + }, + { + "lang": "en", + "value": "Ralph Meier" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/1xxx/CVE-2022-1962.json b/2022/1xxx/CVE-2022-1962.json index 951f8693c9be..cbb760b751a3 100644 --- a/2022/1xxx/CVE-2022-1962.json +++ b/2022/1xxx/CVE-2022-1962.json 
@@ -1,16 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@golang.org", "ID": "CVE-2022-1962", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-674: Uncontrolled Recursion" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Go standard library", "product": { "product_data": [ { @@ -18,47 +39,22 @@ "version": { "version_data": [ { - "version_value": "1.17.12", - "version_affected": "<" + "version_value": "0", + "version_affected": "=" }, { "version_value": "1.18.0", - "version_affected": ">=" - }, - { - "version_value": "1.18.4", - "version_affected": "<" + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Go" + } } ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-674: Uncontrolled Recursion" - } - ] - } - ] - }, "references": { "reference_data": [ { 
@@ -85,17 +81,12 @@ "url": "https://go.dev/issue/53616", "refsource": "MISC", "name": "https://go.dev/issue/53616" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-30c5ed5625", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ] }, - "credit": [ + "credits": [ { - "lang": "eng", + "lang": "en", "value": "Juho Nurminen of Mattermost" } ] diff --git a/2022/20xxx/CVE-2022-20199.json b/2022/20xxx/CVE-2022-20199.json index facf07ef098b..97f971a4669d 100644 --- a/2022/20xxx/CVE-2022-20199.json +++ b/2022/20xxx/CVE-2022-20199.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025" } ] } diff --git a/2022/20xxx/CVE-2022-20369.json b/2022/20xxx/CVE-2022-20369.json index e87ae4dfd31c..c20e50c5aa06 100644 --- a/2022/20xxx/CVE-2022-20369.json +++ b/2022/20xxx/CVE-2022-20369.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/pixel/2022-08-01", "url": "https://source.android.com/security/bulletin/pixel/2022-08-01" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] }, diff --git a/2022/20xxx/CVE-2022-20463.json b/2022/20xxx/CVE-2022-20463.json index b309baad48bc..049e0b892e88 100644 --- a/2022/20xxx/CVE-2022-20463.json +++ b/2022/20xxx/CVE-2022-20463.json 
@@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20463", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of privilege" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2022-11-01", - "url": "https://source.android.com/security/bulletin/2022-11-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231985227" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/20xxx/CVE-2022-20503.json b/2022/20xxx/CVE-2022-20503.json index b221d4409614..1c246ffb80f5 100644 --- a/2022/20xxx/CVE-2022-20503.json +++ b/2022/20xxx/CVE-2022-20503.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890" } ] } diff --git a/2022/20xxx/CVE-2022-20504.json b/2022/20xxx/CVE-2022-20504.json index c2b0b83b8579..300ed1991dc7 100644 --- a/2022/20xxx/CVE-2022-20504.json +++ b/2022/20xxx/CVE-2022-20504.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553" } ] } diff --git a/2022/20xxx/CVE-2022-20505.json b/2022/20xxx/CVE-2022-20505.json index 6a780c789678..ef7be7120ff6 100644 --- a/2022/20xxx/CVE-2022-20505.json +++ b/2022/20xxx/CVE-2022-20505.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754" } ] } diff --git a/2022/20xxx/CVE-2022-20506.json b/2022/20xxx/CVE-2022-20506.json index 065c2310ee24..bf3002b5e30d 100644 --- a/2022/20xxx/CVE-2022-20506.json +++ b/2022/20xxx/CVE-2022-20506.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034" } ] } diff --git a/2022/20xxx/CVE-2022-20507.json b/2022/20xxx/CVE-2022-20507.json index 6719daa83ec0..2bfce179c199 100644 --- a/2022/20xxx/CVE-2022-20507.json +++ b/2022/20xxx/CVE-2022-20507.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179" } ] } diff --git a/2022/20xxx/CVE-2022-20508.json b/2022/20xxx/CVE-2022-20508.json index 35e02dabb1f1..bec355aea8e7 100644 --- a/2022/20xxx/CVE-2022-20508.json +++ b/2022/20xxx/CVE-2022-20508.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614" } ] } diff --git a/2022/20xxx/CVE-2022-20509.json b/2022/20xxx/CVE-2022-20509.json index 05595a90abf7..8247a7229d9b 100644 --- a/2022/20xxx/CVE-2022-20509.json +++ b/2022/20xxx/CVE-2022-20509.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317" } ] } diff --git a/2022/20xxx/CVE-2022-20510.json b/2022/20xxx/CVE-2022-20510.json index 14983dfe6d1f..23f0649dd5ba 100644 --- a/2022/20xxx/CVE-2022-20510.json +++ b/2022/20xxx/CVE-2022-20510.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336" } ] } diff --git a/2022/20xxx/CVE-2022-20511.json b/2022/20xxx/CVE-2022-20511.json index 10496a5a628b..ad4ea3811336 100644 --- a/2022/20xxx/CVE-2022-20511.json +++ b/2022/20xxx/CVE-2022-20511.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829" } ] } diff --git a/2022/20xxx/CVE-2022-20512.json b/2022/20xxx/CVE-2022-20512.json index 0e8d058fcdbc..66973468dcf5 100644 --- a/2022/20xxx/CVE-2022-20512.json +++ b/2022/20xxx/CVE-2022-20512.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879" } ] } diff --git a/2022/20xxx/CVE-2022-20513.json b/2022/20xxx/CVE-2022-20513.json index c3551997d0eb..1f205cb3520c 100644 --- a/2022/20xxx/CVE-2022-20513.json +++ b/2022/20xxx/CVE-2022-20513.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759" } ] } diff --git a/2022/20xxx/CVE-2022-20514.json b/2022/20xxx/CVE-2022-20514.json index db12d8dd8b7c..d8e5e0c588df 100644 --- a/2022/20xxx/CVE-2022-20514.json +++ b/2022/20xxx/CVE-2022-20514.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875" } ] } diff --git a/2022/20xxx/CVE-2022-20515.json b/2022/20xxx/CVE-2022-20515.json index d0da9f618207..380fb84957f4 100644 --- a/2022/20xxx/CVE-2022-20515.json +++ b/2022/20xxx/CVE-2022-20515.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496" } ] } diff --git a/2022/20xxx/CVE-2022-20516.json b/2022/20xxx/CVE-2022-20516.json index 44a51c0936b4..82dfe0488160 100644 --- a/2022/20xxx/CVE-2022-20516.json +++ b/2022/20xxx/CVE-2022-20516.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331" } ] } diff --git a/2022/20xxx/CVE-2022-20517.json b/2022/20xxx/CVE-2022-20517.json index 106a32fe02b0..11c864e20917 100644 --- a/2022/20xxx/CVE-2022-20517.json +++ b/2022/20xxx/CVE-2022-20517.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956" } ] } diff --git a/2022/20xxx/CVE-2022-20518.json b/2022/20xxx/CVE-2022-20518.json index bfad0933f75a..34ab2512b2e2 100644 --- a/2022/20xxx/CVE-2022-20518.json +++ b/2022/20xxx/CVE-2022-20518.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203" } ] } diff --git a/2022/20xxx/CVE-2022-20519.json b/2022/20xxx/CVE-2022-20519.json index ee91f8bf8d8b..40ec019b503b 100644 --- a/2022/20xxx/CVE-2022-20519.json +++ b/2022/20xxx/CVE-2022-20519.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678" } ] } diff --git a/2022/20xxx/CVE-2022-20520.json b/2022/20xxx/CVE-2022-20520.json index f3c1abc8af6a..80e1ec7ee9e0 100644 --- a/2022/20xxx/CVE-2022-20520.json +++ b/2022/20xxx/CVE-2022-20520.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202" } ] } diff --git a/2022/20xxx/CVE-2022-20521.json b/2022/20xxx/CVE-2022-20521.json index e95913eacdde..77211619f1b7 100644 --- a/2022/20xxx/CVE-2022-20521.json +++ b/2022/20xxx/CVE-2022-20521.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684" } ] } diff --git a/2022/20xxx/CVE-2022-20522.json b/2022/20xxx/CVE-2022-20522.json index 2800d1110feb..cec72bc3fdd7 100644 --- a/2022/20xxx/CVE-2022-20522.json +++ b/2022/20xxx/CVE-2022-20522.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877" } ] } diff --git a/2022/20xxx/CVE-2022-20523.json b/2022/20xxx/CVE-2022-20523.json index d4109e0668de..ed11268d35c5 100644 --- a/2022/20xxx/CVE-2022-20523.json +++ b/2022/20xxx/CVE-2022-20523.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508" } ] } diff --git a/2022/20xxx/CVE-2022-20524.json b/2022/20xxx/CVE-2022-20524.json index e757068f9142..969a75786e5c 100644 --- a/2022/20xxx/CVE-2022-20524.json +++ b/2022/20xxx/CVE-2022-20524.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213" } ] } diff --git a/2022/20xxx/CVE-2022-20525.json b/2022/20xxx/CVE-2022-20525.json index d1826c72df62..edd9422ee07d 100644 --- a/2022/20xxx/CVE-2022-20525.json +++ b/2022/20xxx/CVE-2022-20525.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768" } ] } diff --git a/2022/20xxx/CVE-2022-20526.json b/2022/20xxx/CVE-2022-20526.json index 0a2412848c0f..379d18c46e56 100644 --- a/2022/20xxx/CVE-2022-20526.json +++ b/2022/20xxx/CVE-2022-20526.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774" } ] } diff --git a/2022/20xxx/CVE-2022-20527.json b/2022/20xxx/CVE-2022-20527.json index 8dd3a3a527c1..3ceece1e250f 100644 --- a/2022/20xxx/CVE-2022-20527.json +++ b/2022/20xxx/CVE-2022-20527.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861" } ] } diff --git a/2022/20xxx/CVE-2022-20528.json b/2022/20xxx/CVE-2022-20528.json index dd9f629e43ae..308655e6bfae 100644 --- a/2022/20xxx/CVE-2022-20528.json +++ b/2022/20xxx/CVE-2022-20528.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711" } ] } diff --git a/2022/20xxx/CVE-2022-20529.json b/2022/20xxx/CVE-2022-20529.json index 278e1473658c..1c5a9ff4e35a 100644 --- a/2022/20xxx/CVE-2022-20529.json +++ b/2022/20xxx/CVE-2022-20529.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603" } ] } diff --git a/2022/20xxx/CVE-2022-20530.json b/2022/20xxx/CVE-2022-20530.json index 88981f10d01e..8c3d63f0eb44 100644 --- a/2022/20xxx/CVE-2022-20530.json +++ b/2022/20xxx/CVE-2022-20530.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645" } ] } diff --git a/2022/20xxx/CVE-2022-20531.json b/2022/20xxx/CVE-2022-20531.json index 648245cc6656..d16f65abed15 100644 --- a/2022/20xxx/CVE-2022-20531.json +++ b/2022/20xxx/CVE-2022-20531.json 
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-20531", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/20xxx/CVE-2022-20533.json b/2022/20xxx/CVE-2022-20533.json index 63c0e0d242ea..6d3b01db2b26 100644 --- a/2022/20xxx/CVE-2022-20533.json +++ b/2022/20xxx/CVE-2022-20533.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363" } ] } diff --git a/2022/20xxx/CVE-2022-20535.json b/2022/20xxx/CVE-2022-20535.json index 766ef50a295f..ae2e13007d3d 100644 --- a/2022/20xxx/CVE-2022-20535.json +++ b/2022/20xxx/CVE-2022-20535.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242" } ] } diff --git a/2022/20xxx/CVE-2022-20536.json b/2022/20xxx/CVE-2022-20536.json index ff16d33a1659..7c791fe65a4e 100644 --- a/2022/20xxx/CVE-2022-20536.json +++ b/2022/20xxx/CVE-2022-20536.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180" } ] } diff --git a/2022/20xxx/CVE-2022-20537.json b/2022/20xxx/CVE-2022-20537.json index ef2bdd57f494..4e282d7602d6 100644 --- a/2022/20xxx/CVE-2022-20537.json +++ b/2022/20xxx/CVE-2022-20537.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169" } ] } diff --git a/2022/20xxx/CVE-2022-20538.json b/2022/20xxx/CVE-2022-20538.json index d95630f06755..e6f591196102 100644 --- a/2022/20xxx/CVE-2022-20538.json +++ b/2022/20xxx/CVE-2022-20538.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770" } ] } diff --git a/2022/20xxx/CVE-2022-20539.json b/2022/20xxx/CVE-2022-20539.json index 09d1cfbf1676..57c9e651ab4e 100644 --- a/2022/20xxx/CVE-2022-20539.json +++ b/2022/20xxx/CVE-2022-20539.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425" } ] } diff --git a/2022/20xxx/CVE-2022-20540.json b/2022/20xxx/CVE-2022-20540.json index 3402ef73d8a6..a731d1c013e3 100644 --- a/2022/20xxx/CVE-2022-20540.json +++ b/2022/20xxx/CVE-2022-20540.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506" } ] } diff --git a/2022/20xxx/CVE-2022-20541.json b/2022/20xxx/CVE-2022-20541.json index 533892bd39c7..4071edbaa543 100644 --- a/2022/20xxx/CVE-2022-20541.json +++ b/2022/20xxx/CVE-2022-20541.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126" } ] } diff --git a/2022/20xxx/CVE-2022-20543.json b/2022/20xxx/CVE-2022-20543.json index c9939fc22b6b..0b4e987d7c5d 100644 --- a/2022/20xxx/CVE-2022-20543.json +++ b/2022/20xxx/CVE-2022-20543.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261" } ] } diff --git a/2022/20xxx/CVE-2022-20544.json b/2022/20xxx/CVE-2022-20544.json index 01046048c8c3..469970bda5ad 100644 --- a/2022/20xxx/CVE-2022-20544.json +++ b/2022/20xxx/CVE-2022-20544.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070" } ] } diff --git a/2022/20xxx/CVE-2022-20545.json b/2022/20xxx/CVE-2022-20545.json index 799934207314..10fbc9aee85f 100644 --- a/2022/20xxx/CVE-2022-20545.json +++ b/2022/20xxx/CVE-2022-20545.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697" } ] } diff --git a/2022/20xxx/CVE-2022-20546.json b/2022/20xxx/CVE-2022-20546.json index 4f9c304d3386..850c267a23c4 100644 --- a/2022/20xxx/CVE-2022-20546.json +++ b/2022/20xxx/CVE-2022-20546.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798" } ] } diff --git a/2022/20xxx/CVE-2022-20547.json b/2022/20xxx/CVE-2022-20547.json index f0c7714222a9..aaab0475ac44 100644 --- a/2022/20xxx/CVE-2022-20547.json +++ b/2022/20xxx/CVE-2022-20547.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753" } ] } diff --git a/2022/20xxx/CVE-2022-20548.json b/2022/20xxx/CVE-2022-20548.json index d920a4bdc078..c6538d696a99 100644 --- a/2022/20xxx/CVE-2022-20548.json +++ b/2022/20xxx/CVE-2022-20548.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398" } ] } diff --git a/2022/20xxx/CVE-2022-20549.json b/2022/20xxx/CVE-2022-20549.json index f91516993cb8..f04ebd2967a5 100644 --- a/2022/20xxx/CVE-2022-20549.json +++ b/2022/20xxx/CVE-2022-20549.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451" } ] } diff --git a/2022/20xxx/CVE-2022-20550.json b/2022/20xxx/CVE-2022-20550.json index 89d2a96e8b2a..2874953be807 100644 --- a/2022/20xxx/CVE-2022-20550.json +++ b/2022/20xxx/CVE-2022-20550.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514" } ] } diff --git a/2022/20xxx/CVE-2022-20552.json b/2022/20xxx/CVE-2022-20552.json index 828e0efc85d8..76e1b469b2c5 100644 --- a/2022/20xxx/CVE-2022-20552.json +++ b/2022/20xxx/CVE-2022-20552.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806" } ] } diff --git a/2022/20xxx/CVE-2022-20553.json b/2022/20xxx/CVE-2022-20553.json index d517a661985a..8aea6a1feed7 100644 --- a/2022/20xxx/CVE-2022-20553.json +++ b/2022/20xxx/CVE-2022-20553.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265" } ] } diff --git a/2022/20xxx/CVE-2022-20554.json b/2022/20xxx/CVE-2022-20554.json index c55257780bc2..d9b266d05988 100644 --- a/2022/20xxx/CVE-2022-20554.json +++ b/2022/20xxx/CVE-2022-20554.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596" } ] } diff --git a/2022/20xxx/CVE-2022-20555.json b/2022/20xxx/CVE-2022-20555.json index 699481646a52..d3d84bb03b9a 100644 --- a/2022/20xxx/CVE-2022-20555.json +++ b/2022/20xxx/CVE-2022-20555.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233" } ] } diff --git a/2022/20xxx/CVE-2022-20556.json b/2022/20xxx/CVE-2022-20556.json index ce351507ca3e..52f32c5181ec 100644 --- a/2022/20xxx/CVE-2022-20556.json +++ b/2022/20xxx/CVE-2022-20556.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667" } ] } diff --git a/2022/20xxx/CVE-2022-20557.json b/2022/20xxx/CVE-2022-20557.json index ceba525347f5..53583fe7ebb5 100644 --- a/2022/20xxx/CVE-2022-20557.json +++ b/2022/20xxx/CVE-2022-20557.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734" } ] } diff --git a/2022/20xxx/CVE-2022-20558.json b/2022/20xxx/CVE-2022-20558.json index 69faf4e6fc52..a3d5b67c1bf2 100644 --- a/2022/20xxx/CVE-2022-20558.json +++ b/2022/20xxx/CVE-2022-20558.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289" } ] } diff --git a/2022/20xxx/CVE-2022-20559.json b/2022/20xxx/CVE-2022-20559.json index 89850280fdf3..80c5bfba62ce 100644 --- a/2022/20xxx/CVE-2022-20559.json +++ b/2022/20xxx/CVE-2022-20559.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967" } ] } diff --git a/2022/20xxx/CVE-2022-20560.json b/2022/20xxx/CVE-2022-20560.json index ede84ad64db1..655990471742 100644 --- a/2022/20xxx/CVE-2022-20560.json +++ b/2022/20xxx/CVE-2022-20560.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20561.json b/2022/20xxx/CVE-2022-20561.json index 2a4d9a7edbe9..87664ef9fde9 100644 --- a/2022/20xxx/CVE-2022-20561.json +++ b/2022/20xxx/CVE-2022-20561.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20562.json b/2022/20xxx/CVE-2022-20562.json index 66b0ff1754bd..55b507c035f3 100644 --- a/2022/20xxx/CVE-2022-20562.json +++ b/2022/20xxx/CVE-2022-20562.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20563.json b/2022/20xxx/CVE-2022-20563.json index b06a1d9a6e78..9c1dd85057fa 100644 --- a/2022/20xxx/CVE-2022-20563.json +++ b/2022/20xxx/CVE-2022-20563.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20564.json b/2022/20xxx/CVE-2022-20564.json index c367225ca1cc..a67dd8b84cb3 100644 --- a/2022/20xxx/CVE-2022-20564.json +++ b/2022/20xxx/CVE-2022-20564.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20566.json b/2022/20xxx/CVE-2022-20566.json index f4d9dcd5ee44..02066f425567 100644 --- a/2022/20xxx/CVE-2022-20566.json +++ b/2022/20xxx/CVE-2022-20566.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20567.json b/2022/20xxx/CVE-2022-20567.json index 07cc70b9458e..1643a184e1cc 100644 --- a/2022/20xxx/CVE-2022-20567.json +++ b/2022/20xxx/CVE-2022-20567.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20568.json b/2022/20xxx/CVE-2022-20568.json index d3f42e35d747..749aacb521fd 100644 --- a/2022/20xxx/CVE-2022-20568.json +++ b/2022/20xxx/CVE-2022-20568.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20569.json b/2022/20xxx/CVE-2022-20569.json index f45b488d2520..74e522a8fc5a 100644 --- a/2022/20xxx/CVE-2022-20569.json +++ b/2022/20xxx/CVE-2022-20569.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20570.json b/2022/20xxx/CVE-2022-20570.json index a515ccc0d5ef..8a626da06815 100644 --- a/2022/20xxx/CVE-2022-20570.json +++ b/2022/20xxx/CVE-2022-20570.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20571.json b/2022/20xxx/CVE-2022-20571.json index 56c47c7c1597..9a74483354db 100644 --- a/2022/20xxx/CVE-2022-20571.json +++ b/2022/20xxx/CVE-2022-20571.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20572.json b/2022/20xxx/CVE-2022-20572.json index aa6217307a57..b68131a9d84f 100644 --- a/2022/20xxx/CVE-2022-20572.json +++ b/2022/20xxx/CVE-2022-20572.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20574.json b/2022/20xxx/CVE-2022-20574.json index bb28fe065794..fb9757db29eb 100644 --- a/2022/20xxx/CVE-2022-20574.json +++ b/2022/20xxx/CVE-2022-20574.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20575.json b/2022/20xxx/CVE-2022-20575.json index 0168e263c5bc..2f115c1830b3 100644 --- a/2022/20xxx/CVE-2022-20575.json +++ b/2022/20xxx/CVE-2022-20575.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20576.json b/2022/20xxx/CVE-2022-20576.json index 7b98fbbe64ff..5648effb8d0c 100644 --- a/2022/20xxx/CVE-2022-20576.json +++ b/2022/20xxx/CVE-2022-20576.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20577.json b/2022/20xxx/CVE-2022-20577.json index 591ae942687f..0c2b2269cd7a 100644 --- a/2022/20xxx/CVE-2022-20577.json +++ b/2022/20xxx/CVE-2022-20577.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20578.json b/2022/20xxx/CVE-2022-20578.json index 51e32a22b4b4..f8b4f3f67de0 100644 --- a/2022/20xxx/CVE-2022-20578.json +++ b/2022/20xxx/CVE-2022-20578.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20579.json b/2022/20xxx/CVE-2022-20579.json index 8ad2c3f657b7..6a9beda40510 100644 --- a/2022/20xxx/CVE-2022-20579.json +++ b/2022/20xxx/CVE-2022-20579.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20580.json b/2022/20xxx/CVE-2022-20580.json index cab9782135bd..fa1b3e932dd0 100644 --- a/2022/20xxx/CVE-2022-20580.json +++ b/2022/20xxx/CVE-2022-20580.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20581.json b/2022/20xxx/CVE-2022-20581.json index d7db286a42c5..4b50632abe0f 100644 --- a/2022/20xxx/CVE-2022-20581.json +++ b/2022/20xxx/CVE-2022-20581.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20582.json b/2022/20xxx/CVE-2022-20582.json index 23af71b4b80c..c8c94c6178bc 100644 --- a/2022/20xxx/CVE-2022-20582.json +++ b/2022/20xxx/CVE-2022-20582.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20583.json b/2022/20xxx/CVE-2022-20583.json index 091d6f2de479..d1e096335293 100644 --- a/2022/20xxx/CVE-2022-20583.json +++ b/2022/20xxx/CVE-2022-20583.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20584.json b/2022/20xxx/CVE-2022-20584.json index bdf733b249e2..7f8709e7988d 100644 --- a/2022/20xxx/CVE-2022-20584.json +++ b/2022/20xxx/CVE-2022-20584.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20585.json b/2022/20xxx/CVE-2022-20585.json index 778f9a145c50..52c282bfde85 100644 --- a/2022/20xxx/CVE-2022-20585.json +++ b/2022/20xxx/CVE-2022-20585.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20586.json b/2022/20xxx/CVE-2022-20586.json index 0e0e9b8c68f9..2e0ec4a31d9c 100644 --- a/2022/20xxx/CVE-2022-20586.json +++ b/2022/20xxx/CVE-2022-20586.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20587.json b/2022/20xxx/CVE-2022-20587.json index 8352fcd06402..e6c517cc0cc6 100644 --- a/2022/20xxx/CVE-2022-20587.json +++ b/2022/20xxx/CVE-2022-20587.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20588.json b/2022/20xxx/CVE-2022-20588.json index 809ac326dcaf..75f1577817b4 100644 --- a/2022/20xxx/CVE-2022-20588.json +++ b/2022/20xxx/CVE-2022-20588.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20589.json b/2022/20xxx/CVE-2022-20589.json index d3436c32eba6..2665bc3cc23a 100644 --- a/2022/20xxx/CVE-2022-20589.json +++ b/2022/20xxx/CVE-2022-20589.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20590.json b/2022/20xxx/CVE-2022-20590.json index 83bdfb4f57c0..44960824924f 100644 --- a/2022/20xxx/CVE-2022-20590.json +++ b/2022/20xxx/CVE-2022-20590.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20591.json b/2022/20xxx/CVE-2022-20591.json index 610e7c367e69..33dc861d6a47 100644 --- a/2022/20xxx/CVE-2022-20591.json +++ b/2022/20xxx/CVE-2022-20591.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20592.json b/2022/20xxx/CVE-2022-20592.json index 705f667842e3..f9d122beee0c 100644 --- a/2022/20xxx/CVE-2022-20592.json +++ b/2022/20xxx/CVE-2022-20592.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20593.json b/2022/20xxx/CVE-2022-20593.json index dd7d18c2f152..ed77c14bcbfc 100644 --- a/2022/20xxx/CVE-2022-20593.json +++ b/2022/20xxx/CVE-2022-20593.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20594.json b/2022/20xxx/CVE-2022-20594.json index 40ed80b08240..448f76dfbf16 100644 --- a/2022/20xxx/CVE-2022-20594.json +++ b/2022/20xxx/CVE-2022-20594.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20595.json b/2022/20xxx/CVE-2022-20595.json index 1bb27f6481c9..a9a07bf24ed6 100644 --- a/2022/20xxx/CVE-2022-20595.json +++ b/2022/20xxx/CVE-2022-20595.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20596.json b/2022/20xxx/CVE-2022-20596.json index e859f47e9763..fc4dc4c8ae98 100644 --- a/2022/20xxx/CVE-2022-20596.json +++ b/2022/20xxx/CVE-2022-20596.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20597.json b/2022/20xxx/CVE-2022-20597.json index 2c15b2e1ce32..3496e661881e 100644 --- a/2022/20xxx/CVE-2022-20597.json +++ b/2022/20xxx/CVE-2022-20597.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20598.json b/2022/20xxx/CVE-2022-20598.json index 89bb859a843d..0fae34f7de72 100644 --- a/2022/20xxx/CVE-2022-20598.json +++ b/2022/20xxx/CVE-2022-20598.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20599.json b/2022/20xxx/CVE-2022-20599.json index 7d58cccd8a97..aea479238d84 100644 --- a/2022/20xxx/CVE-2022-20599.json +++ b/2022/20xxx/CVE-2022-20599.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20600.json b/2022/20xxx/CVE-2022-20600.json index 95d7cf5b14cd..ee6268d86b35 100644 --- a/2022/20xxx/CVE-2022-20600.json +++ b/2022/20xxx/CVE-2022-20600.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20601.json b/2022/20xxx/CVE-2022-20601.json index 2f45f24726ad..aaac3fa47829 100644 --- a/2022/20xxx/CVE-2022-20601.json +++ b/2022/20xxx/CVE-2022-20601.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20602.json b/2022/20xxx/CVE-2022-20602.json index 3801696ce301..7bf7e8025182 100644 --- a/2022/20xxx/CVE-2022-20602.json +++ b/2022/20xxx/CVE-2022-20602.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20603.json b/2022/20xxx/CVE-2022-20603.json index 8d0a9a7bd3ac..604c16bfb0e3 100644 --- a/2022/20xxx/CVE-2022-20603.json +++ b/2022/20xxx/CVE-2022-20603.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20604.json b/2022/20xxx/CVE-2022-20604.json index e7f1b638ccda..70f3b1b70913 100644 --- a/2022/20xxx/CVE-2022-20604.json +++ b/2022/20xxx/CVE-2022-20604.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20605.json b/2022/20xxx/CVE-2022-20605.json index 778ef3fc53a2..19486453bbec 100644 --- a/2022/20xxx/CVE-2022-20605.json +++ b/2022/20xxx/CVE-2022-20605.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20606.json b/2022/20xxx/CVE-2022-20606.json index f14681471238..61832dfd1016 100644 --- a/2022/20xxx/CVE-2022-20606.json +++ b/2022/20xxx/CVE-2022-20606.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20607.json b/2022/20xxx/CVE-2022-20607.json index 550afa9c7dc8..b49df5ff5c30 100644 --- a/2022/20xxx/CVE-2022-20607.json +++ b/2022/20xxx/CVE-2022-20607.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20608.json b/2022/20xxx/CVE-2022-20608.json index 473596cf3778..3e176670f02a 100644 --- a/2022/20xxx/CVE-2022-20608.json +++ b/2022/20xxx/CVE-2022-20608.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20609.json b/2022/20xxx/CVE-2022-20609.json index 0009a1ba965a..ceaf43f0bda9 100644 --- a/2022/20xxx/CVE-2022-20609.json +++ b/2022/20xxx/CVE-2022-20609.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20610.json b/2022/20xxx/CVE-2022-20610.json index 89715c784b05..44bc7097e74c 100644 --- a/2022/20xxx/CVE-2022-20610.json +++ b/2022/20xxx/CVE-2022-20610.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A" } ] } diff --git a/2022/21xxx/CVE-2022-21620.json b/2022/21xxx/CVE-2022-21620.json index 64eb43b5f2cd..5107dbfa362d 100644 --- a/2022/21xxx/CVE-2022-21620.json +++ b/2022/21xxx/CVE-2022-21620.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } 
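Review bot: In the CVE-2022-20607.json hunk, the added description value ends with its metadata fields fused together without separators ("exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A"), which is hard to read and hard to parse reliably. Suggest a space or newline before "Product:", "Versions:", "Android ID:" and "References:", or dropping the product and version fragments, since the affects block already carries them. The same fused tail appears in the descriptions added for CVE-2022-20608, CVE-2022-20609 and CVE-2022-20610.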
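Review bot: In the CVE-2022-20608.json hunk, the affects block does not match the component the description names: the description says "Pixel cellular firmware", while affects records vendor_name "n/a", product_name "Android" and version_value "Android kernel". A consumer matching on the structured fields will attribute this issue to the Android kernel rather than to the cellular firmware. Suggest naming the vendor and the firmware component in affects. The hunk also adds no impact block, so the "Information disclosure" problemtype ships without a CVSS vector.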
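Review bot: In the CVE-2022-20610.json hunk, the description attributes remote code execution to an out of bounds read ("a possible out of bounds read due to a missing bounds check. This could lead to remote code execution"), whereas CVE-2022-20607 in this same patch describes its remote code execution case as an out of bounds write. Please confirm the wording against the referenced Pixel bulletin and correct either "read" or the "Remote code execution" problemtype if one of them is wrong. This description also says "cellular modem firmware" where the other three Pixel records in the patch say "Pixel cellular firmware"; one term should be used throughout.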
diff --git a/2022/21xxx/CVE-2022-21621.json b/2022/21xxx/CVE-2022-21621.json index 66e54816e11f..c784faafada6 100644 --- a/2022/21xxx/CVE-2022-21621.json +++ b/2022/21xxx/CVE-2022-21621.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21627.json b/2022/21xxx/CVE-2022-21627.json index aecaf8ea7f35..e05fc624c0fe 100644 --- a/2022/21xxx/CVE-2022-21627.json +++ b/2022/21xxx/CVE-2022-21627.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21712.json b/2022/21xxx/CVE-2022-21712.json index 6bcb6e043045..06e89495d864 100644 --- a/2022/21xxx/CVE-2022-21712.json +++ b/2022/21xxx/CVE-2022-21712.json @@ -98,6 +98,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-9a489fa494", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-02", + "url": "https://security.gentoo.org/glsa/202301-02" } ] }, diff --git a/2022/21xxx/CVE-2022-21716.json b/2022/21xxx/CVE-2022-21716.json index ab0a115f7ad4..5ccbbb3363d0 100644 --- a/2022/21xxx/CVE-2022-21716.json +++ b/2022/21xxx/CVE-2022-21716.json 
@@ -108,6 +108,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-9a489fa494", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-02", + "url": "https://security.gentoo.org/glsa/202301-02" } ] }, diff --git a/2022/22xxx/CVE-2022-22063.json b/2022/22xxx/CVE-2022-22063.json index 3533062333a4..45258a83d4cb 100644 --- a/2022/22xxx/CVE-2022-22063.json +++ b/2022/22xxx/CVE-2022-22063.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Core due to improper configuration in boot remapper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "MDM9640", + "version_affected": "=" + }, + { + "version_value": "MDM9645", + "version_affected": "=" + }, + { + "version_value": "QCA6174", + "version_affected": "=" + }, + { + "version_value": "QCA6174A", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + 
"confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22079.json b/2022/22xxx/CVE-2022-22079.json index 2d941cf1bb13..77a5b98bcf3c 100644 --- a/2022/22xxx/CVE-2022-22079.json +++ b/2022/22xxx/CVE-2022-22079.json 
@@ -1,17 +1,260 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22079", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial of service while processing fastboot flash command on mmc due to buffer over read" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8009", + "version_affected": "=" + }, + { + "version_value": "APQ8009W", + "version_affected": "=" + }, + { + "version_value": "APQ8064AU", + "version_affected": "=" + }, + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "MDM9150", + "version_affected": "=" + }, + { + "version_value": "MDM9250", + "version_affected": "=" + }, + { + "version_value": "MDM9628", + "version_affected": "=" + }, + { + "version_value": "MDM9650", + "version_affected": "=" + }, + { + "version_value": "MSM8108", + "version_affected": "=" + }, + { + "version_value": "MSM8208", + "version_affected": "=" + }, + { + "version_value": "MSM8209", + "version_affected": "=" + }, + { + "version_value": "MSM8608", + "version_affected": "=" + }, + { + "version_value": "MSM8909W", + "version_affected": "=" + }, + { + "version_value": "MSM8996AU", + "version_affected": "=" + }, + { + "version_value": "QCA4020", + "version_affected": "=" + }, + { + 
"version_value": "QCA6174A", + "version_affected": "=" + }, + { + "version_value": "QCA6564A", + "version_affected": "=" + }, + { + "version_value": "QCA6564AU", + "version_affected": "=" + }, + { + "version_value": "QCA6574", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "QCA6584AU", + "version_affected": "=" + }, + { + "version_value": "QCA9377", + "version_affected": "=" + }, + { + "version_value": "QCA9379", + "version_affected": "=" + }, + { + "version_value": "Qualcomm215", + "version_affected": "=" + }, + { + "version_value": "SD210", + "version_affected": "=" + }, + { + "version_value": "SD429", + "version_affected": "=" + }, + { + "version_value": "SD625", + "version_affected": "=" + }, + { + "version_value": "SD626", + "version_affected": "=" + }, + { + "version_value": "SD835", + "version_affected": "=" + }, + { + "version_value": "SDA429W", + "version_affected": "=" + }, + { + "version_value": "SDM429W", + "version_affected": "=" + }, + { + "version_value": "SDW2500", + "version_affected": "=" + }, + { + "version_value": "SDX20", + "version_affected": "=" + }, + { + "version_value": "SDX20M", + "version_affected": "=" + }, + { + "version_value": "WCD9326", + "version_affected": "=" + }, + { + "version_value": "WCD9335", + "version_affected": "=" + }, + { + "version_value": "WCN3610", + "version_affected": "=" + }, + { + "version_value": "WCN3615", + "version_affected": "=" + }, + { + "version_value": "WCN3620", + "version_affected": "=" + }, + { + "version_value": "WCN3660B", + "version_affected": "=" + }, + { + "version_value": "WCN3680", + "version_affected": "=" + }, + { + "version_value": "WCN3680B", + "version_affected": "=" + }, + { + "version_value": "WCN3980", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + }, + { + "version_value": "WSA8815", + 
"version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22088.json b/2022/22xxx/CVE-2022-22088.json index 65c2c2dcfcee..4739b5fad0f2 100644 --- a/2022/22xxx/CVE-2022-22088.json +++ b/2022/22xxx/CVE-2022-22088.json 
@@ -1,17 +1,676 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8009", + "version_affected": "=" + }, + { + "version_value": "APQ8009W", + "version_affected": "=" + }, + { + "version_value": "APQ8052", + "version_affected": "=" + }, + { + "version_value": "APQ8056", + "version_affected": "=" + }, + { + "version_value": "APQ8076", + "version_affected": "=" + }, + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "AQT1000", + "version_affected": "=" + }, + { + "version_value": "AR8031", + "version_affected": "=" + }, + { + "version_value": "CSRA6620", + "version_affected": "=" + }, + { + "version_value": "CSRA6640", + "version_affected": "=" + }, + { + "version_value": "MSM8108", + "version_affected": "=" + }, + { + "version_value": "MSM8208", + "version_affected": "=" + }, + { + "version_value": "MSM8209", + "version_affected": "=" + }, + { + "version_value": "MSM8608", + "version_affected": "=" + }, + { + "version_value": "MSM8909W", + 
"version_affected": "=" + }, + { + "version_value": "MSM8952", + "version_affected": "=" + }, + { + "version_value": "MSM8956", + "version_affected": "=" + }, + { + "version_value": "MSM8976", + "version_affected": "=" + }, + { + "version_value": "MSM8976SG", + "version_affected": "=" + }, + { + "version_value": "MSM8996AU", + "version_affected": "=" + }, + { + "version_value": "QCA6310", + "version_affected": "=" + }, + { + "version_value": "QCA6320", + "version_affected": "=" + }, + { + "version_value": "QCA6335", + "version_affected": "=" + }, + { + "version_value": "QCA6390", + "version_affected": "=" + }, + { + "version_value": "QCA6391", + "version_affected": "=" + }, + { + "version_value": "QCA6420", + "version_affected": "=" + }, + { + "version_value": "QCA6421", + "version_affected": "=" + }, + { + "version_value": "QCA6426", + "version_affected": "=" + }, + { + "version_value": "QCA6430", + "version_affected": "=" + }, + { + "version_value": "QCA6431", + "version_affected": "=" + }, + { + "version_value": "QCA6436", + "version_affected": "=" + }, + { + "version_value": "QCA6564A", + "version_affected": "=" + }, + { + "version_value": "QCA6564AU", + "version_affected": "=" + }, + { + "version_value": "QCA6574", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "QCA6584AU", + "version_affected": "=" + }, + { + "version_value": "QCA6595AU", + "version_affected": "=" + }, + { + "version_value": "QCA6696", + "version_affected": "=" + }, + { + "version_value": "QCC5100", + "version_affected": "=" + }, + { + "version_value": "QCM2290", + "version_affected": "=" + }, + { + "version_value": "QCM4290", + "version_affected": "=" + }, + { + "version_value": "QCM6125", + "version_affected": "=" + }, + { + "version_value": "QCM6490", + "version_affected": "=" + }, + { + "version_value": "QCN7606", + "version_affected": "=" + }, + { + 
"version_value": "QCN9011", + "version_affected": "=" + }, + { + "version_value": "QCN9012", + "version_affected": "=" + }, + { + "version_value": "QCN9074", + "version_affected": "=" + }, + { + "version_value": "QCS2290", + "version_affected": "=" + }, + { + "version_value": "QCS405", + "version_affected": "=" + }, + { + "version_value": "QCS410", + "version_affected": "=" + }, + { + "version_value": "QCS4290", + "version_affected": "=" + }, + { + "version_value": "QCS610", + "version_affected": "=" + }, + { + "version_value": "QCS6125", + "version_affected": "=" + }, + { + "version_value": "QCS6490", + "version_affected": "=" + }, + { + "version_value": "QRB5165", + "version_affected": "=" + }, + { + "version_value": "QRB5165M", + "version_affected": "=" + }, + { + "version_value": "QRB5165N", + "version_affected": "=" + }, + { + "version_value": "Qualcomm215", + "version_affected": "=" + }, + { + "version_value": "SA6145P", + "version_affected": "=" + }, + { + "version_value": "SA6150P", + "version_affected": "=" + }, + { + "version_value": "SA6155", + "version_affected": "=" + }, + { + "version_value": "SA6155P", + "version_affected": "=" + }, + { + "version_value": "SA8145P", + "version_affected": "=" + }, + { + "version_value": "SA8150P", + "version_affected": "=" + }, + { + "version_value": "SA8155", + "version_affected": "=" + }, + { + "version_value": "SA8155P", + "version_affected": "=" + }, + { + "version_value": "SA8195P", + "version_affected": "=" + }, + { + "version_value": "SD 675", + "version_affected": "=" + }, + { + "version_value": "SD 8 Gen1 5G", + "version_affected": "=" + }, + { + "version_value": "SD205", + "version_affected": "=" + }, + { + "version_value": "SD210", + "version_affected": "=" + }, + { + "version_value": "SD429", + "version_affected": "=" + }, + { + "version_value": "SD460", + "version_affected": "=" + }, + { + "version_value": "SD480", + "version_affected": "=" + }, + { + "version_value": "SD625", + "version_affected": "=" + 
}, + { + "version_value": "SD626", + "version_affected": "=" + }, + { + "version_value": "SD660", + "version_affected": "=" + }, + { + "version_value": "SD662", + "version_affected": "=" + }, + { + "version_value": "SD665", + "version_affected": "=" + }, + { + "version_value": "SD675", + "version_affected": "=" + }, + { + "version_value": "SD678", + "version_affected": "=" + }, + { + "version_value": "SD680", + "version_affected": "=" + }, + { + "version_value": "SD690 5G", + "version_affected": "=" + }, + { + "version_value": "SD695", + "version_affected": "=" + }, + { + "version_value": "SD720G", + "version_affected": "=" + }, + { + "version_value": "SD730", + "version_affected": "=" + }, + { + "version_value": "SD750G", + "version_affected": "=" + }, + { + "version_value": "SD765", + "version_affected": "=" + }, + { + "version_value": "SD765G", + "version_affected": "=" + }, + { + "version_value": "SD768G", + "version_affected": "=" + }, + { + "version_value": "SD778G", + "version_affected": "=" + }, + { + "version_value": "SD780G", + "version_affected": "=" + }, + { + "version_value": "SD835", + "version_affected": "=" + }, + { + "version_value": "SD845", + "version_affected": "=" + }, + { + "version_value": "SD855", + "version_affected": "=" + }, + { + "version_value": "SD865 5G", + "version_affected": "=" + }, + { + "version_value": "SD870", + "version_affected": "=" + }, + { + "version_value": "SD888", + "version_affected": "=" + }, + { + "version_value": "SD888 5G", + "version_affected": "=" + }, + { + "version_value": "SDM429W", + "version_affected": "=" + }, + { + "version_value": "SDW2500", + "version_affected": "=" + }, + { + "version_value": "SDX50M", + "version_affected": "=" + }, + { + "version_value": "SDX55", + "version_affected": "=" + }, + { + "version_value": "SDX55M", + "version_affected": "=" + }, + { + "version_value": "SDXR1", + "version_affected": "=" + }, + { + "version_value": "SDXR2 5G", + "version_affected": "=" + }, + { + 
"version_value": "SM4125", + "version_affected": "=" + }, + { + "version_value": "SM4375", + "version_affected": "=" + }, + { + "version_value": "SM6250", + "version_affected": "=" + }, + { + "version_value": "SM6250P", + "version_affected": "=" + }, + { + "version_value": "SM7250P", + "version_affected": "=" + }, + { + "version_value": "SM7315", + "version_affected": "=" + }, + { + "version_value": "SM7325P", + "version_affected": "=" + }, + { + "version_value": "SW5100", + "version_affected": "=" + }, + { + "version_value": "SW5100P", + "version_affected": "=" + }, + { + "version_value": "SXR2150P", + "version_affected": "=" + }, + { + "version_value": "WCD9326", + "version_affected": "=" + }, + { + "version_value": "WCD9335", + "version_affected": "=" + }, + { + "version_value": "WCD9340", + "version_affected": "=" + }, + { + "version_value": "WCD9341", + "version_affected": "=" + }, + { + "version_value": "WCD9370", + "version_affected": "=" + }, + { + "version_value": "WCD9375", + "version_affected": "=" + }, + { + "version_value": "WCD9380", + "version_affected": "=" + }, + { + "version_value": "WCD9385", + "version_affected": "=" + }, + { + "version_value": "WCN3610", + "version_affected": "=" + }, + { + "version_value": "WCN3615", + "version_affected": "=" + }, + { + "version_value": "WCN3620", + "version_affected": "=" + }, + { + "version_value": "WCN3660B", + "version_affected": "=" + }, + { + "version_value": "WCN3680", + "version_affected": "=" + }, + { + "version_value": "WCN3680B", + "version_affected": "=" + }, + { + "version_value": "WCN3910", + "version_affected": "=" + }, + { + "version_value": "WCN3950", + "version_affected": "=" + }, + { + "version_value": "WCN3980", + "version_affected": "=" + }, + { + "version_value": "WCN3988", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + }, + { + "version_value": "WCN3991", + "version_affected": "=" + }, + { + "version_value": "WCN3998", + "version_affected": 
"=" + }, + { + "version_value": "WCN6740", + "version_affected": "=" + }, + { + "version_value": "WCN6750", + "version_affected": "=" + }, + { + "version_value": "WCN6850", + "version_affected": "=" + }, + { + "version_value": "WCN6851", + "version_affected": "=" + }, + { + "version_value": "WCN6855", + "version_affected": "=" + }, + { + "version_value": "WCN6856", + "version_affected": "=" + }, + { + "version_value": "WCN7850", + "version_affected": "=" + }, + { + "version_value": "WCN7851", + "version_affected": "=" + }, + { + "version_value": "WSA8810", + "version_affected": "=" + }, + { + "version_value": "WSA8815", + "version_affected": "=" + }, + { + "version_value": "WSA8830", + "version_affected": "=" + }, + { + "version_value": "WSA8835", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22158.json b/2022/22xxx/CVE-2022-22158.json index 62c54b52f1ed..f2e4521d82d2 100644 --- a/2022/22xxx/CVE-2022-22158.json +++ b/2022/22xxx/CVE-2022-22158.json 
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22158", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22165.json b/2022/22xxx/CVE-2022-22165.json index 65a68fcf607b..e61dba1cbd2b 100644 --- a/2022/22xxx/CVE-2022-22165.json +++ b/2022/22xxx/CVE-2022-22165.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22165", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22184.json b/2022/22xxx/CVE-2022-22184.json index 6176f2644e5d..e6ff01bd6abb 100644 --- a/2022/22xxx/CVE-2022-22184.json +++ b/2022/22xxx/CVE-2022-22184.json 
@@ -1,18 +1,138 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-12-22T20:00:00.000Z", "ID": "CVE-2022-22184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R1-S1" + }, + { + "version_affected": "!<", + "version_value": "22.3R1" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "22.3-EVO", + "version_value": "22.3R1-S1-EVO" + }, + { + "version_affected": "!<", + "version_value": "22.3R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. 
This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70175", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70175" } ] - } + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent 
releases;\nJunos OS Evolved: 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70175", + "defect": [ + "1698446" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22199.json b/2022/22xxx/CVE-2022-22199.json index 1cd1fe8987c2..0ca19a8f8e06 100644 --- a/2022/22xxx/CVE-2022-22199.json +++ b/2022/22xxx/CVE-2022-22199.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22200.json b/2022/22xxx/CVE-2022-22200.json index 785e820a15ff..b577f99b1c8b 100644 --- a/2022/22xxx/CVE-2022-22200.json +++ b/2022/22xxx/CVE-2022-22200.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22200", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22337.json b/2022/22xxx/CVE-2022-22337.json index c0267a488210..561ac2cecb9a 100644 
--- a/2022/22xxx/CVE-2022-22337.json +++ b/2022/22xxx/CVE-2022-22337.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852459", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852459" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": 
"LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22338.json b/2022/22xxx/CVE-2022-22338.json index 176d21f1c8c7..55cf2a29d7b7 100644 --- a/2022/22xxx/CVE-2022-22338.json +++ b/2022/22xxx/CVE-2022-22338.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852453", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852453" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219510", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219510" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22352.json b/2022/22xxx/CVE-2022-22352.json index dac2583ca1ca..8f9da383cd37 100644 --- a/2022/22xxx/CVE-2022-22352.json +++ b/2022/22xxx/CVE-2022-22352.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852443", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852443" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220398", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220398" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22371.json b/2022/22xxx/CVE-2022-22371.json index 5dd30b384575..ada3f7cc9b68 100644 --- a/2022/22xxx/CVE-2022-22371.json +++ b/2022/22xxx/CVE-2022-22371.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852461", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852461" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221195", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221195" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + 
"integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22449.json b/2022/22xxx/CVE-2022-22449.json index 471d033fcb1f..eeeafe22a0a7 100644 --- a/2022/22xxx/CVE-2022-22449.json +++ b/2022/22xxx/CVE-2022-22449.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22449", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224915", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224915" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22456.json b/2022/22xxx/CVE-2022-22456.json index 7e041ba9b552..13a495dcfabe 100644 --- a/2022/22xxx/CVE-2022-22456.json +++ b/2022/22xxx/CVE-2022-22456.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225004", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225004" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22457.json b/2022/22xxx/CVE-2022-22457.json index c422b549d80f..5bf78cb99802 100644 --- a/2022/22xxx/CVE-2022-22457.json +++ b/2022/22xxx/CVE-2022-22457.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225007", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225007" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22458.json b/2022/22xxx/CVE-2022-22458.json index bf233083ce12..ae992ed1f183 100644 --- a/2022/22xxx/CVE-2022-22458.json +++ b/2022/22xxx/CVE-2022-22458.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256 Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225009", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225009" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", 
+ "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22461.json b/2022/22xxx/CVE-2022-22461.json index b632f2d07f41..ebe048474c36 100644 --- a/2022/22xxx/CVE-2022-22461.json +++ b/2022/22xxx/CVE-2022-22461.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6850845", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6850845" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225077", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225077" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22470.json b/2022/22xxx/CVE-2022-22470.json index 1aad348541ad..87c7ba224fda 100644 --- a/2022/22xxx/CVE-2022-22470.json +++ b/2022/22xxx/CVE-2022-22470.json 
@@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "256 Plaintext Storage of a Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance", + "version": { + "version_data": [ + { + "version_value": "10.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852697", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852697" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225232", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225232" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22576.json b/2022/22xxx/CVE-2022-22576.json index 930b7c664782..a5c1076a6662 100644 --- a/2022/22xxx/CVE-2022-22576.json +++ b/2022/22xxx/CVE-2022-22576.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/22xxx/CVE-2022-22728.json b/2022/22xxx/CVE-2022-22728.json index a6be39fb720e..4f440362e664 100644 --- a/2022/22xxx/CVE-2022-22728.json +++ b/2022/22xxx/CVE-2022-22728.json 
@@ -96,6 +96,41 @@ "refsource": "FEDORA", "name": "FEDORA-2022-61f5b492b7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HZZKVHYYWACPWONPEFRNPIRE3HYLV4T/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221229 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/29/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221230 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/30/4" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/31/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/31/5" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/02/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/02/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230103 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/03/2" } ] }, diff --git a/2022/22xxx/CVE-2022-22736.json b/2022/22xxx/CVE-2022-22736.json index d554623e757f..f9fd3f8848a4 100644 --- a/2022/22xxx/CVE-2022-22736.json +++ b/2022/22xxx/CVE-2022-22736.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential local privilege escalation when loading modules from the install directory." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.\\*
character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.allow-scripts
, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6."
}
]
}
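Review bot: In CVE-2022-22337.json the affects block lists a single version, "version_value": "6.0.0.0" with "version_affected": "=", while the description says 6.0.0.0 through 6.1.2.1. The CVE-2022-22338, CVE-2022-22352 and CVE-2022-22371 hunks repeat the same pattern. Tooling that matches on version_data would flag only 6.0.0.0, so either express the upper bound as well (for example an entry using "<=" with 6.1.2.1) or confirm with the CNA that only the lower bound is meant to be machine-readable.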
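Review bot: CVE-2022-22449.json gives the product version as "10.01" in the description but "version_value": "10.0.1" under affects. Every other Security Verify Governance, Identity Manager record in this patch says 10.0.1 in both places, so the description looks like a typo; fix it so a text search for the version and the structured field agree.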
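Review bot: The problemtype in CVE-2022-22457.json is "CWE-319 Cleartext Transmission of Sensitive Information", but the description says the product "stores sensitive information including user credentials in plain clear text" readable by a local privileged user. That is a storage weakness, not a transmission one. Check the mapping with the CNA; CWE-312 (Cleartext Storage of Sensitive Information) fits the wording, and the sibling record CVE-2022-22458.json already uses CWE-256 for near-identical text.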
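Review bot: In CVE-2022-22461.json the description ends with "IBM X-Force ID: 225007", but the X-Force reference added in the same hunk is https://exchange.xforce.ibmcloud.com/vulnerabilities/225077, and 225007 is the ID already used by CVE-2022-22457.json in this patch. One of the two values is wrong; verify against the IBM bulletin referenced in the hunk and make the description and the reference URL agree.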
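Review bot: In CVE-2022-22470.json the problemtype value is "256 Plaintext Storage of a Password", with no "CWE-" prefix and no "cweId" key, which is also why this hunk is one line shorter (+1,91) than its siblings (+1,92). CVE-2022-22458.json carries "CWE-256 Plaintext Storage of a Password" plus "cweId": "CWE-256" for the same weakness. Consumers that key on the prefix or on cweId will not classify this record; align it with the sibling entry.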
diff --git a/2022/22xxx/CVE-2022-22760.json b/2022/22xxx/CVE-2022-22760.json
index 11557a0643aa..74bfc9f43f5b 100644
--- a/2022/22xxx/CVE-2022-22760.json
+++ b/2022/22xxx/CVE-2022-22760.json
@@ -4,14 +4,101 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22760",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "97",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Origin responses could be distinguished between script and non-script content-types"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When importing resources using Web Workers, error messages would distinguish the difference between application/javascript
responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6."
}
]
}
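Review bot: The problemtype added here is free text ("Cross-Origin responses could be distinguished between script and non-script content-types") with no CWE identifier, and the hunk adds no impact block, so this record cannot be filtered by weakness class or severity the way the IBM records in the same patch can. If the CNA supplied neither, say so in the commit message; otherwise add the CWE mapping and CVSS vector so downstream triage does not have to read the description to rank it.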
diff --git a/2022/22xxx/CVE-2022-22761.json b/2022/22xxx/CVE-2022-22761.json
index e2395966fd6c..af7044657b52 100644
--- a/2022/22xxx/CVE-2022-22761.json
+++ b/2022/22xxx/CVE-2022-22761.json
@@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22761",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "97",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "frame-ancestors Content Security Policy directive was not enforced for framed extension pages"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6."
}
]
}
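Review bot: In the "problemtype" block the "value" is a free-text bug title ("frame-ancestors Content Security Policy directive was not enforced for framed extension pages"), not a weakness class, so consumers cannot group or filter this entry by CWE. Suggest adding a CWE identifier alongside the title. Separately, the three mozilla.org advisory URLs are tagged "refsource": "MISC" although the assigner is security@mozilla.org; a vendor-advisory refsource such as CONFIRM would let consumers tell the vendor's own advisories apart from the Bugzilla link.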
diff --git a/2022/22xxx/CVE-2022-22762.json b/2022/22xxx/CVE-2022-22762.json
index a25d87b1f8ce..f3db98b03c38 100644
--- a/2022/22xxx/CVE-2022-22762.json
+++ b/2022/22xxx/CVE-2022-22762.json
@@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22762",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "97",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "JavaScript Dialogs could have been displayed over other domains on Firefox for Android"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931"
+ }
+ ]
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user.